what next

i want to specialize in web hacking and I've been learning a couple of different languages. here are the things i know.

i am competent in HTML, JAVASCRIPT, PHP, SQL, XML, and FLASH.

what i am asking is what else is there that i should be studying. I'm not looking to learn languages like PYTHON, C++, C, or PEARL.

just anything that would help me to understand the internet and how it opperates.

P.S. could anyone post a link where i can learn about XSS (what it is and how it works).

thank you for your time.

Here ya go!

thanks man that was actually helpful.

That PDF is awful. Not only did it cover shit, it also covered shit. Sla.ckers.org, go find some real XSS.

That PDF is a good start to understanding XSS.

BIBER wrote: That PDF is a good start to understanding XSS.

Meh, it teaches you Javascript. It says NOTHING about XSS, NOTHING. Jezus christ, stealing cookies isn't XSS. It's using Javascript and PHP. The real challenge lies within the "evading the filter or somehow let it pass my code", that's the trick.

Not some soggy cookie stealer.

*biber crawls back in his lair……….echo "ok, ok, ok, dnt hrt me pls" :D

fallingmidget wrote: PEARL.

Did anyone else rofl? Anyone? No?

The payload of XSS has a fair amount to do with javascript. However, as spyware mentioned, the actual exploitation does not.

Learn Ruby if you like teh gemst0nez ^^, anyway, it wouldn't hurt to learn Perl. You know PHP right? If that's the case Perl is no problemo for you. Install ActivePerl on your Windows box and get going.

Well, if he just wants to work with web application security and other interwebz things, he probably doesn't need to work much with perl, or any of the other languages he mentioned.

I would learn a TON about the HTTP protocol, and TCP/IP.

you said it. That's what I want. To learn web applications and other interweb thingys (I can't quote cause I'm using my itouch). But do you think JAVA might be useful. I'm not really sure on what scripting languages (other than the obvious ones) affect the web.

fallingmidget wrote: you said it. That's what I want. To learn web applications and other interweb thingys (I can't quote cause I'm using my itouch). But do you think JAVA might be useful. I'm not really sure on what scripting languages (other than the obvious ones) affect the web.

Languages don't affect the web, applications do. Trying to learn every single web programming language isn't very realistic is it.

Learning the quirks of the functions and structure of the languages, learning the quirks and structure of HTTP, learning the quirks/structure/flow of TCP/IP, that will get you somewhere.

Roflmao, well, anyway. You might want to learn AJAX (what is is, it's not a skill/language, it's a technique to create applications). Maybe Ruby On Rails is something for you, too.

And, as LLOH already mentioned, learn protocols. Learn how data is send and received. It's very important to know what you are doing.

wow fritzo you just made my day, the bubble talk was awesome. @spyware: respect man!