would this be a good way to start web hacking?
(03-27-2020, 09:12 AM)MuddyBucket Wrote:
(03-27-2020, 06:13 AM)QMark Wrote: So why did Insider recommend the easy way? Why do people at my school on the cybersecurity team say "some networking and some linux basics and you can start." On the other hand, people that are a part of the alt.2600 hacking community say I need far more programming skills. So on one hand I even hear some professional hackers tell me to learn much more advanced programming in order to get good. But then when I contact the elearn security team they say "to take our web hacking course just know basic networking and linux and take our intro course first" and I think "well, but if I do that, how will I be as effective as someone who knows enough web development that they could have invented SQLi?"

Thanks for the answer by the way. I really appreciate it. I'm gonna spend several months learning web development while I work on Sec+ and CCNA over the summer. In fact, I am gonna be working on web development as of today and I already started again on code academy. I made a decision to do both: learn the programming and web development and get good at that, as well as learn the Linux and networking knowledge. I think its better to go overkill than underkill when it comes to learning, and as well as in life in general.

But right now I'm focused on computer networking and web dev and I'm aiming to practice a little more Linux skills maybe in Fall, while still learning web development. By that point, I think I am gonna end up learning some of my web penetration testing through the unlimited elearn security courses my school's cybersecurity club gave me access to. That is, if I'm ready by then. I think I probably will be ready though because I'm a fast learner when I put my mind to something.

I have just been very scattered about everything, but now I am more focused and persistent the past few months.

Based on what I've read, I'm not certain that Insider necessarily recommended the easy way. I'm not a full-on developer. I don't like coding (anymore at least). But I have a solid understanding of programming concepts. I can look at source code and completely understand what it's doing. I can see security mistakes and oversights that have been made. If I need to write code I can write code in about a dozen languages. But the last time I actually worked on an actual programming project/application was probably 5 years ago. But that's the thing. If you can't look at code, understand what it's doing, then how are you going to even begin to break it?? This is the key. You don't need to be the world's best programmer. You need to be a solid programmer. To be good.

However, maybe I wasn't particularly clear. When you're learning programming, you should absolutely be learning secure programming practices as well. Security isn't an addon, it's integrated. Or at least it should be. Same goes with networking. Learn networking, but you should be learning about best practices as well, which includes security. Security should never be an afterthought. 

Security isn't really something you should 'go back and learn'. It should be part of the learning process. This learning process is more or less what makes you a good hacker. You begin to fully understand how things work. Once you've gotten to a point where you fully understand how things work, you begin to understand how you can break them. It's a natural progression. Once you get to this point, you may do more research on new ways people have come up to break systems - that you may not have found. And while this is similar to X action, Y condition, Z result - understanding how everything works allows you to change X actions depending on how Y condition changes to get the same or similar results.

Would building networks help? What is a good way of learning computer networking fundamentals? I get that it doesn't help just to earn a bunch of certs is why I ask.

Messages In This Thread
RE: would this be a good way to start web hacking? - by QMark - 03-27-2020, 06:14 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Loopholes in an web application Reaper 1 1,886 06-02-2021, 07:59 PM
Last Post: Insider
  Coldfusion hacking Insider 2 13,225 02-13-2021, 08:44 PM
Last Post: Insider
  Basics of website and server hacking Insider 0 8,986 03-26-2020, 09:34 PM
Last Post: Insider
  is my site secure from common hacking? mhiats37 1 8,060 05-11-2019, 03:03 AM
Last Post: misfit