Teach Yourself Web Security

Recently, I have found that many of my friends are learning programming, and some are even interested in information security! This made me ecstatic! Suddenly we were having in-depth conversations, but when they started asking how I learned as much as I have, the painful but true answer was: I taught myself. It was certainly a long and slow road, but now I want to help others along the same path and broaden general perspectives on information security.

For starters, Web Security is probably my favorite security topic, as it brings almost all of the issues in the security world to one dangerous front: The Internet. When studying Web Security, it is best to first understand some of the more common vulnerabilities, such as OWASP's Top 10, which includes all the classics like XSS and SQL injection. You can also check out my article analyzing the OWASP Top 10 for a better understanding of the vulnerabilities and their related hacks.

Once you are familiar with the vulnerabilities, it is best to get some practice in. One of the best web exploit testing suites is called WebGoat, which is totally free security learning software. WebGoat is amazing because it provides tips to help noobs progress while still letting them gain valuable experience performing the hacks themselves. WebGoat even provides graded feedback, and it is definitely a great place to start.

After that, you may want to check out some great Web-Sec books, like WAHH (The Web Application Hacker's Handbook), one of my favorite security books of all time. This book comes with a great tool package called "The Burp Suite", but other amazing tools also exist, WebScarab being another popular proxy suite. With all those resources, learning on your own should be cake now! But be careful, fellow security padawans: you don't want to test code where you don't have permission, because this kind of stuff can have very serious real-life consequences.