Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PHP hacking sites...

from [Serg B.] Network Security [Permanent Link]
Subject: Re: PHP hacking sites...
Date: Fri, 24 Aug 2007 13:30:33 +1000 
PHP "hacking" is very much like "hacking" any web based application.
To do that you need to understand how applications are built and what
they (the target) are built to do.

Also, you need to define "hacking". Do you want to get access to
server shell? Fool users with disinformation? Crash the site? Steal
data? etc.

So, instead of hacking an application, perhaps you should write one.
At the end you will be answer your own questions in far greater detail
then some silly "How to pw4n n00bs" tutorial.

But, to answer your original question (even though I think you are
going about it the wrong way):

http://phpsec.org/
http://www.owasp.org/
http://phpsec.org/projects/phpsecinfo/index.html
[Insert list of all widely used database server websites here]

Either way, to break something in a way that would be useful to you,
you need to understand how it works. Code first, break later.

   Serg

On 23 Aug 2007 14:20:04 -0000, tenbatsui@yahoo.com <tenbatsui@yahoo.com> wrote:

I have a grasp of a lot of php programming, but not enough to apply it to 
hacking. I am by far not a programmer and understand javascript hacking 
enough to do some basic audits for javascript.

Does anyone have any good reading material for PHP hacking and even a check 
list style motions for Auditing PHP apps?

Just trying to get some more broad techniques I mean I know ?Try xss here 
stuff and "/><script> style but I am looking more for how to defeat the php 
apps and gather information from them. Trying to focus more on that area of a 
php app and playing with them a little more.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bittorrent Data Port Probe, p1g
Next by Date:  Re: Webcams, anastasiosm
Previous by Thread:  PHP hacking sites..., tenbatsui
Next by Thread:  Webcams, Holstein, Robert - BLS CTR
Indexes:  [Date] [Thread] [Top] [All Lists]