开发者

detecting vulnerabilities in web applications and desktop applications

开发者 https://www.devze.com 2023-01-27 09:57 出处:网络
Sorry, this is not a question about a specific programming language, but i need opinion on this. Please don开发者_如何学Go\'t vote for close.

Sorry, this is not a question about a specific programming language, but i need opinion on this. Please don开发者_如何学Go't vote for close.

where do I learn about detecting vulnerabilities from the scratch?

I know HTML, CSS, JS, Java, and C.

So, where do I learn about detecting vulnerabilities in applications written in these prog. languages?

I heard of contests where "hackers" detect vulnerabilities in web browsers in mere seconds. I know experience is the main key here! but what other factors I can grow in myself to be one like this?

PS: Don't see "google", I`m looking for recommendation!


For starters CSS, HTML and JS don't really contributed to the insecurity of your application. There is DOM Based XSS, but that is very uncommon. By contrast many vulnerabilities are found in Java and C each year.

There are 2 major methodologies for finding vulnerabilities in code. There is static code analysis using tools like grep or Rats or more advanced tools like the ones provided by Fortify and Coverity.

The other method is by fuzzing application. For looking for problems like buffer overflows in non-web applications Peach is an excellent testing platform. For testing web applications for common vulnerabilities like XSS and SQL Injection then you should use tools like Wapiti(open source) or Sitewatch (free service).


A good start is the OWASP top 10 list:

Category: OWASP Top Ten Project

The huge majority of any web security vulnerabilities will fall into these categories.

0

精彩评论

暂无评论...
验证码 换一张
取 消