How to start off with webapp pentest?


Post by Nanjou on Mon Jun 06, 2016 12:50 am

Hi guys,

I am a beginner in webapp pentest and I found that this field is really wide.

So I would like to know what good ways there are to start.

I would really appreciate your advice.
Nanjou


Re: How to start off with webapp pentest?

Post by Jbraithwaite on Mon Jun 06, 2016 6:59 am

Do the realistic based missions on this site. That'll give you a good grounding. Also read the Web Application Hacker's Handbook. It's full of really useful stuff. It helps if you know a ton of web-based coding, as you're always viewing source code. Having an understanding of JavaScript, PHP and MySQL can help too.

Look up things like

SQL Injection
Cross Site Scripting (XSS)
Cross Site Resource Forgery (CSRF)
Session cookie management

Although to be fair you'll learn a lot from doing the HTS missions.
In training....
Jbraithwaite


