Web App Pentesting training??
zenlakin
Member Posts: 104
Anyone have any good recommendations for some good and comprehensive web app pentesting training or training materials? Something from beginner to advanced preferably. I am not necessarily looking for a certification type course. Just good and legitimate training or training materials to start from the beginner and really deep dive into web app pentesting. Thanks!
Comments
-
NotHackingYou Member Posts: 1,460
I recommend these two Pluralsight series by Troy Hunt: OWASP Top 10 and ASP.NET Security Secrets Revealed.
When you go the extra mile, there's no traffic.
-
NovaHax Member Posts: 502
eWPT was really good. But if you are looking to do things on the cheap, just grab a copy of Mutillidae, DVWA and WebGoat. Also... eLearn has hack.me that has a bunch of vulnerable VMs for testing (for free). Look up some tutorials or just start playing around and seeing what you can break.
-
philz1982 Member Posts: 978
So what I need to test is a purely Java-based machine that uses Windows as its OS. It's not a web app in the traditional form with a web page and such. It is rather a Windows device with Java interfacing between the C# code. Thoughts on courses for this? Also, the web server is an IIS web server.
Read my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
-
philz1982 Member Posts: 978
> eWPT was really good. But if you are looking to do things on the cheap, just grab a copy of Mutillidae, DVWA and WebGoat. Also... eLearn has hack.me that has a bunch of vulnerable VMs for testing (for free). Look up some tutorials or just start playing around and seeing what you can break.
Was or is? That statement scares me before I spend my money. Maybe I just read too much into it whenever I see the word was....
-
BlackBeret Member Posts: 683
There's a lot of good free resources; before you spend money, check out OWASP Mutillidae II.
Sorry, just saw that Nova beat me to it. I'd go with his post for free.
-
GarudaMin Member Posts: 204
Doesn't ISC2 offer its members a free OWASP Top 10 course? I don't know if they still do.
-
philz1982 Member Posts: 978
> Doesn't ISC2 offer its members a free OWASP Top 10 course? I don't know if they still do.
That would be real good to know.
-
philz1982 Member Posts: 978
It's still there; you need to search for it once you log in.
-
KR34 Member Posts: 7
Hi, start with those "FREE" resources:
* https://www.pentesterlab.com/
Joe McCray free videos
* DEFCON 17: Advanced SQL Injection - YouTube
* Web App Pentester Night School Day 1 - YouTube
Learn PHP with MySQL
* PHP Tutorial 1 - Introduction (PHP For Beginners) - YouTube
Try to build your own web site on a local machine; I mean, try to understand the code behind POST & GET and forms, etc.
Search for Mutillidae, DVWA on YouTube
* Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos) "by Jeremy Druin" ==> SANS Institute
Take your time reading W3Schools Online Web Tutorials: HTML, JavaScript, PHP, MySQL, etc.
-
LionelTeo Member Posts: 526
Something as cheap as 50 to 100 dollars is also good; look for web application hacking handbook and set up a vbox with Kali, Windows XP installed with DVWA and WebGoat.
-
NovaHax Member Posts: 502
> Was or is?
I just said 'was' because I took it in the past (a few months ago). I'm sure it still 'is' too.