Mavituna Security - Netsparker Vulnerability Scanner
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

Confused CS grad :/

Random things go here
Post a reply

Confused CS grad :/

Post by segap on Thu Mar 29, 2012 6:12 pm
([msg=65312]see Confused CS grad :/[/msg])

Hey all ,

I myself am a CS graduate , good with C , Java ,php , SQL and basic Bash type stuff sed/grep (but no awk stuff). Basically your bog standard IT student with nothing special knowledge wise.

Since I got a job recently I've also been starting to learn python but would consider myself very basic in that.
Basically I am just here asking for guidance , I don't want any help with any of the missions or anything like that but help with what path i should go forward with since I was once part of a ethical hacking study being done with graduates on specially created unsecure site... but that mostly involved SQL injection which i loved and then some CSS attacks which i was prety bad at since i never really knew javascript.
But when i come to this site it's completely different to what i expected ( just started on the basic missions and i'm up to level 5 i think)

It just seems as though i've been thinking about this the completely wrong way. I know this is a bit of a jumbled up rant but i think thats a representation of how clusterfucked my brain is :)

So to sum up since this was a ramble : If you were in my position what would you do to better yourself at this ?


PS: Is the stat that between 50-80% of websites are SQLi vunrable comeplete BS because I think in all my random sampling of sites I've only ever seen one ?
segap
New User
New User
 
Posts: 2
Joined: Thu Mar 29, 2012 5:57 pm
Blog: View Blog (0)

Re: Confused CS grad :/

Post by scrptnnj on Thu Mar 29, 2012 9:47 pm
([msg=65320]see Re: Confused CS grad :/[/msg])

Welcome.
I'm by no means an expert but, as far as bettering your self at security I have learned a lot from this site's challenges and articles. If you get stuck on any mission there are articles for most of them that will lead you in the right direction without just telling you the answer.

Besides this site I have learned just about everything I know from Google and YouTube. I am in college now but have not even gotten to take one IT class yet. The only formal training I have is from a compTIA A+ class I took in high school. I taught myself programming(python, php, javascript, html, mySQL, c++) from online tutorials and Stackoverflow.com.
Here are some great, basic php security tutorialshttp://www.youtube.com/playlist?list=PL5F8BFE541D972472&feature=plcp.

I think one of the best ways to learn more is just to mess around with stuff. I learned bash by playing around with Linux and FreeBSD. A great way to learn is to set up a "lab" with vm's, use one vm to attack another. As far as web exploits I like to set up an apache server(in a vm) with my own php on it, and exploit it. If I can not find any I research new methods. Once I find and exploit a vulnerability, then I research how to protect against it, and patch my code. That way I learn attack and defense.

As far as the 50-80% being SQLi vulnerable, I don't know, but there are some pretty complicated exploits so just because you can't find a vulnerability doesn't mean there are not any.

CSS attacks

You attacked cascading style sheets? :D
jk, people generally use XSS for cross-site-scripting.
User avatar
scrptnnj
New User
New User
 
Posts: 14
Joined: Mon Mar 26, 2012 4:15 pm
Blog: View Blog (0)

Re: Confused CS grad :/

Post by segap on Fri Mar 30, 2012 5:48 pm
([msg=65343]see Re: Confused CS grad :/[/msg])

scrptnnj wrote:
CSS attacks

You attacked cascading style sheets? :D
jk, people generally use XSS for cross-site-scripting.


Ha , actually one of those wierd conicidents C and X being beside each other on the keyboard :)

Yeah thanks for the advice , i think becomming more educated in the languages through tutorials is the way i'll go. I think I may aswell finish off with knowing the ins and outs of python before i go off on other languages. And the worst case scenario is it won't help me at cracking but I'll at least have another tool at my disposal.


Life would be so much easier if you could hack in java
segap
New User
New User
 
Posts: 2
Joined: Thu Mar 29, 2012 5:57 pm
Blog: View Blog (0)

Re: Confused CS grad :/

Post by LoGiCaL__ on Sat Mar 31, 2012 12:56 am
([msg=65359]see Re: Confused CS grad :/[/msg])

segap wrote:Life would be so much easier if you...


...had more time. The problem I'm finding is deciding which new area/topic/technology to spend learning. I spend time on one, then some time later my interest switches and then just put the previous interest to the backburner until i need it again.
User avatar
LoGiCaL__
Moderator
Moderator
 
Posts: 1047
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)

Re: Confused CS grad :/

Post by centip3de on Sat Mar 31, 2012 1:42 pm
([msg=65384]see Re: Confused CS grad :/[/msg])

LoGiCaL__ wrote:...had more time. The problem I'm finding is deciding which new area/topic/technology to spend learning. I spend time on one, then some time later my interest switches and then just put the previous interest to the backburner until i need it again.


I can relate to that. Luckily for me though, I found OS design/development, haven't looked back. :)

Finding your one niche, is quite a lot like falling in love, you'll know when you found it.
I am c0bra2's idiotic bitch. (I lost a bet)
User avatar
centip3de
Addict
Addict
 
Posts: 1215
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)
Post a reply

Return to Off-Topic

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel