Tuesday, June 16, 2009

Changing direction...

I decided that I needed to stop the Metasploit experimentation and go back to the basics of web application security. The Raleigh OWASP chapter got together this June to talk about how to use certain software that is useful in performing network penetration testing and I thought that would be a great place to start. I am going to start a blog series on using these tools and techniques to try and break your or someone else's web application defenses.

On our OWASP listserv someone mentioned a book that I looked into and as a newbie I think it is pretty awesome. It is called The Web Application Hacker's Handbook. Here is the information from Amazon:



I didn't buy it from Amazon but I was able to utilize my Safari Books online account to start reading the book. According to the book's introduction, this book is a practical guide to discovering and exploiting security flaws within web applications.

What I like about this book is the way the authors describe the process of hacking into logical steps. They start out by telling you why mapping your target application is important. Then they tell you in detailed steps how to do it. In addition, they list the tools that assist you in performing the tasks. The more experienced members of the OWASP group have told me about these same tools as listed in the book so they seem to be up to date and topical.

In future postings, I will get into how I started using this book and which tools I have downloaded and installed. Hopefully, Metasploit will make more sense to me once I have had a chance to get through this book!

On a related note, I thought it would be a good idea to spend the summer before school starts this semester studying for the CISSP certification exam. It costs around $500 to sit, and the next test is in November. I would have to take the associate exam since I don't have the required professional security experience, but it would be good for my career to pass it. Stay tuned.

1 comment:

  1. Well, Blogspot cannot seem to keep my Amazon links to the books so I give up. The ISBN for the Web Hacker's handbook is:
    Print ISBN-10: 0-470-17077-8
    Print ISBN-13: 978-0-470-17077-9

    The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
    by Dafydd Stuttard; Marcus Pinto
