Introduction to pentesting: Web-Based Exploitation

Where do I go from here?

As has been pointed out several times, there is little doubt that this attack vector will continue to grow. Once you have mastered the basics discussed in this section, you should expand your knowledge by digging into some of the more advanced topics of web application hacking, including client-side attacks, session management, source code auditing and many more. If you are unsure of what else to study and want to keep up with the latest web-attack developments, keep an eye on the “OWASP Top Ten”. The OWASP Top Ten project is an official list of the most critical web application threats as defined by leading security researchers and top experts.

Since we are already talking about OWASP, and since they have graciously provided a fantastic tool for learning about and testing web application security, it is worth noting that there are many benefits to joining the OWASP organization. Once you are a member, there are several ways to get involved with the various projects and continue to expand your knowledge of web security.

Along with the great WebScarab project, you should explore other web proxies as well. Both Burp Proxy and Paros Proxy are excellent (and free) tools for intercepting requests, modifying data and spidering websites.