Where should I start learning? - General Security Discussions

realitybend

I'm interested in learning practical exploitation (hacking) of websites. I know html, php, most javascript, and C++.

Where would you recommend I start learning? I've already gone through all the basic missions on HTS.

Thx.

chroniccommand

Well how well do you know PHP and the other web languages. If you know a lot you can learn basic exploitation such as:
SQLi
XSS
CSRF
Cookie poisoning
etc..
I'm no expert in web exploitation but I do know the basic gist of stuff. After you learn the basics, you should learn HOW they work and how to find them in PHP code. If you're auditing something like myBB you're not gonna find a simple SQLi vuln in the core of the code. You may want to dive deeper into more advanced techniques. I also have a collection of books here:
http://bit.ly/eiv5gV

I know theres a paper in that tarball about going from SQL injection to full operating system control.

Good luck :)

Xin

Download 'Damn Vulnerable Web App' its great for practicing on.

wTg

said:

Download 'Damn Vulnerable Web App' its great for practicing on.

Do you need to put all of the pages onto a free web host to practice on it ?

Xin

said:

said:

Download 'Damn Vulnerable Web App' its great for practicing on.

Do you need to put all of the pages onto a free web host to practice on it ?

A localhost would be better just whip up a quick apache server

wTg

Okay cheers. Will definitely have a go with this.

Sh3llc0d3

I think if you uploaded DVWA onto a hosting service they'd insert a pole up painful areas.

wTg

Haha okay fair enough :L

Howdy, Stranger!

Top Posters

Who's Online (2)