Penetration Testing mailing list archives

Hacking and Building Web Applications


From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Mon, 4 Jan 2010 20:46:40 +0530

Hi all,

 Just started learning about penetrating Web applications since the last 1
month, which is going to be part of my job shortly. To start with, I am
basically not from the programming background. So spending time in
learning them starting with Javascript, ASP, SQL, PHP etc (assuming that
I am going in the correct way). But the chances of testing the Web Apps
will not be much more due to the constraints put forward by my client.
So I am planning to build some web apps (probably vulnerable....!) on my
own and trying to hack into it. From the testing point of view, I am
going through OWASP 2007 standards and some by SANS. I feel the OWASP
methodology to be pretty self-explanatory, easier and good in concept
wise. Also I am following Web Applications Hacker's Handbook, which also
seems to be a good source.

 

Of course, there will be many more things that need to be known than
what I am learning right now. One more fact from my side is, I am not
learning from a pure developer point of view concentrating on
things like Flash, Animation, Presentation etc. I mean not from the
designing perspective, but rather from a "logical and concept oriented
angle" (something like Session script, Cookie generating script etc) that
helps to test, analyze and hack Web Apps.

 

Please do suggest:

 

What are the programming languages that need to be known and probably with
some good online sources, that can help me in learning them as quick as
possible?

Requirements, Considerations and methodologies in designing web
applications

Testing and Hacking Methodologies (similar to OWASP, SANS etc)

Are there any other things that need to be focused on?
 

 
Would be really grateful if you can help me out in this. Thanks in
advance.

 

Regards,

Balaji Swaminathan .M


