Re: Hacking and Building Web Applications



On Thu, Jan 7, 2010 at 23:10, Swaminathan, Balaji
<Balaji.Swaminathan@xxxxxxxxxxxxxx> wrote:
Can you please brief me on why it is not advisable to frame and hack our own applications? Why I am concerned here is, I guess it will help me understand the code behind the logic to some moderate extent and hence facilitates the code review process. Please advise. Also, any best testing methodology to look into...?

It is not advisable to hack your own applications because this will
severely limit your exposure to different kinds of vulnerabilities,
and if you are deliberately introducing exploitable bugs you will
already know where/what they are. In a real-world scenario much of
your testing will be "black box".

The other benefit of using Hacme/DVL is that their bugs are cataloged
and well documented; this means you have a metric you can use to
quantify your progress.

Certainly, writing a few web applications is a good way to get the
basics down with regard to HOW they work, but I wouldn't recommend
you use this as the main part of the learning process.
