[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] learning hacking techniques

From: "Vance, Michael" <Michael.Vance@xxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] learning hacking techniques
Date: Fri, 20 Nov 2009 14:30:37 -0500

Miguel-

The Open Web Application Security Project (OWASP, http://www.owasp.org) is your friend.  They have a ton of information on any Web App vulnerability you could ask for.  Their main page on XSS is http://www.owasp.org/index.php/Cross_Site_Scripting_Flaw.  They also have links to other resources.

OWASP also maintains a "practice" environment called WebGoat (http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project).

The other "classic" vulnerable Web App is Hacme Bank, maintained by Foundstone.  It can be found here: http://www.foundstone.com/us/resources/proddesc/hacmebank.htm

Good luck!

-Michael

-----Original Message-----
From: Miguel González Castaños [mailto:miguel_3_gonzalez@xxxxxxxx] 
Sent: Friday, November 20, 2009 12:09 PM
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] learning hacking techniques

Hi,

  I'm starting a course in computer security and I see that that there 
are some websites like hacklabs that can be used for learning hacking 
techniques. However, it seems the registration process doesn't work.

  I'm looking in general for:

  - any clear free documentation about hacking techniques, not only 
teaching concepts but giving you examples.
 
  - any website or any sandbox (maybe a virtual appliance)  where you 
can practice those concepts.

 In particular:

 - I'm looking for documentation of how to do a XSS attack. It's part of 
my course (a company course) and the truth is that the documentation is 
not very clear.

Thanks in advance

Miguel

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


This E-Mail has been scanned for viruses.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Follow-Ups:
- Re: [WEB SECURITY] learning hacking techniques
  - From: Steve Pinkham

References:
- [WEB SECURITY] learning hacking techniques
  - From: Miguel González Castaños

Prev by Date: RE: [WEB SECURITY] learning hacking techniques
Next by Date: [WEB SECURITY] Announcement - ModSecurity Core Rule Set Demo Testing Page
Previous by thread: RE: [WEB SECURITY] learning hacking techniques
Next by thread: Re: [WEB SECURITY] learning hacking techniques
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site