by jdasinger
3259 days ago
How would you suggest approaching these books in order to translate the "reading" into practical/demonstrable skills? For instance, I'm currently working through The Web Application Hacker's Handbook and also trying things out with OWASP's Broken Web App VMs. I feel like the book is covering a lot more than the broken web apps do, and the broken web apps don't really give a ton of practice, although so far I've only gotten into the "Training" web apps (Mutillidae, WebGoat, DVWA, etc.), so maybe just digging into the "realistic" apps more will expose me to more of what's in the book. Just looking for some guidance on how to approach the reading-vs-doing divide. Thanks for the advice.

Practically speaking, read through each chapter and then try to find an example of this vulnerability in an existing web application. Try bug bounties as well to get a feel for where real world developers make mistakes. A lot of information security is learning to challenge assumptions.