Hands-On Guides? Testing Labs?
Hey, haven't been here in a while, so I guess my first post of many will start here with a question.
www.ngssoftware.com/papers/advanced_sql_injection.pdf
If you go and view this PDF on SQL injection, you will see that within this guide, an example of HTML and ASP code was provided to actually help explain what they were talking about. Kind of like a hands-on walkthrough approach to actually teaching what bad coding looked like and what exploiting it was like, giving you the view of the developer and the attacker at the same time. To me, this was a perfect learning method and I actually understood it and then passed Basic 21! Since I liked it, I did search for other guides like this one, but my results were just "Webgoat" and "Hackme's" and other stuff that wasn't exactly what I was looking for. I don't want to just know how to do the attacks but to actually understand it from inside-out, from developer to hacker, actually learning what makes the code bad and what makes code secure. So since there is (sometimes) strength in numbers, my question to the community is this.
Do you know of any guides/papers that are like the one shown above?
Do you know how to build your own webhacking testlab (like this site) to be able to test and apply what you have learned from here?
Any help will be appreciated, thank you for your time.
That technique is very common, guess it's a hallmark of a good guide. Just have a look around; the papers on milw0rm have a few sometimes, okay.
Some great guides though don't, they depend on the effects rather than cause. Sometimes you won't have access to code or will find a novel vulnerability, and maybe it's helpful sometimes not to look at a particular cause.
You could try XAMPP (http://www.apachefriends.org/en/xampp.html) coupled with Damn Vulnerable Web App (http://www.ethicalhack3r.co.uk/damn-vulnerable-web-app/).