Web App Pentesting
NightShade03
Anyone do web application security or pen testing? I'm looking for some good resources on how to break into this area. There doesn't seem to be any good reference on how to go from being a system/network admin into security (aside from spending countless hours figuring out different tools and technologies one by one).
That's any type of pen testing, and it never ends
Damn Vulnerable Web App | Get Damn Vulnerable Web App at SourceForge.net
(the main site: http://www.dvwa.co.uk/ seems to be down at the moment)
Amazon.com: The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (9780470170779): Dafydd Stuttard, Marcus Pinto: Books
Amazon.com: Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast (9780596514839): Paco Hope, Ben Walther: Books
GIAC Web Application Penetration Tester (GWAPT)
Pentest Labs: Web Application Edition Security Aegis
Samurai Web Testing Framework
skipfish - Project Hosting on Google Code
I haven't had the chance to play with it much, but it does seem to have some potential!
Sounds like you should start developing your own vulnerable apps and then exploiting them. That'll get you up to speed on both sides of the equation and help foster a deeper understanding of development and exploitation.
Also, check out the Hacking Exposed series; they make a book specifically for web app pentesting. I own most of their books and they are invaluable.
I've used BT since version 2, def a great tool! I also have all the Hacking Exposed series; as you said, they are invaluable and a great resource to refer back to... thanks!
@dynamik - good suggestion, I'll have to give that a go.
CCNA Security | GSEC |GCFW | GCIH | GCIA