If you want to learn about web hacking, Security Monkey* highlights 2 videos and 2 books on the subject. The videos are very basic and over an hour long, and are free for the viewing.
The videos were presented by Dan Guido at Polytechnic Institute of New York University, a private technology university in Brooklyn, New York.
Web Hacking 1 discusses:
- Web applications in general
- Web vulnerabilities
- Basic web testing methodology
Web Hacking 2 discusses:
- Same-origin policy
- Authentication & authorization
- Cross-site request forgery
- Web Services
- Cryptography
To see the videos full size, follow Security Monkey’s link over to Vimeo, where the videos were released. You’ll also see other videos by Guido, such as:
- Memory Corruption 1 & 2
- Reverse Engineering 101
- Reverse Engineering 1 & 2
- Code Audits 101
- Code Audits 1 & 2
- and more!
See Security Monkey’s post about Web Hacking 101 here.
Before you do web hacking, make sure you have a GOOJ card.
* Security Monkey’s blog is in my blog roll links. If you haven’t read him, you’ve missed a lot. Check out his case files (novel-like descriptions of real forensic events).
P.S. One of the reasons I blog is because of all that I’ve learned from others, for free! Remember to give back to the community regularly, even if it’s only to cheer someone on and thank them for their hard work.