
How to start off with webapp pentest?

Posted: Mon Jun 06, 2016 12:50 am
by Nanjou
Hi guys,

I am a beginner in webapp pentesting and I have found that this field is really wide.

So I would like to know what the good ways to start are.

I'd really appreciate your advice.

Re: How to start off with webapp pentest?

Posted: Mon Jun 06, 2016 6:59 am
by Jbraithwaite
Do the realistic-based missions on this site. That'll give you a good grounding. Also read The Web Application Hacker's Handbook. It's full of really useful stuff. It helps if you know a ton of web-based coding, as you're always viewing source code. Having an understanding of JavaScript, PHP and MySQL can help too.

Look up things like

SQL Injection
Cross Site Scripting (XSS)
Cross Site Resource Forgery (CSRF)
Session cookie management

Although to be fair you'll learn a lot from doing the HTS missions.