
Web Hacking 101 [pdf] - bikeshack
http://www.gironsec.com/WebHacking101.pdf
======
vezzy-fnord
A mediocre, haphazardly put together cheat sheet with often application-
specific examples. Pick up _The Web Application Hacker's Handbook_ instead,
or read the OWASP Testing Guide.

~~~
nerdy
Thank you for not bashing without providing alternatives

------
catlover99
This is a good rough draft but it lacks a lot of basic background information.
It reminds me of trying to teach programming by only providing a collection of
code snippets: these are useful, but they won't replace true guidance and they
can become a dangerous learning crutch. Don't forget who your audience is (or
who you're attracting with a title like Web Hacking 101) and remember that
when you write you should be focusing on making it as easy to read and
understand as possible for them. Explain the whys behind taking certain steps,
such as why you should be Google searching for SQL errors (it saves you time,
it's easy, Google cache pages can show details about errors that are no longer
visible on the live site, and most importantly what SQL is and the
implications of an error).

While it's not about technical writing, I think Kurt Vonnegut's advice will
help you to make a better write up. Specifically #7: Pity the Readers[0].

Vonnegut mentions The Elements of Style[1], which you'll find useful if you're
struggling to give detailed explanations.

[0] http://peterstekel.com/PDF-HTML/Kurt%20Vonnegut%20advice%20to%20writers.htm

[1] http://faculty.washington.edu/heagerty/Courses/b572/public/StrunkWhite.pdf

~~~
tagawa
Maybe this would be better marketed as a cheatsheet.

------
spydum
Not sure if I'm just old hat, but it always cracks me up when I see security
advice in a PDF. I know PDF readers might have improved their track record
(actually, have they?), but to me they still give me chills, like opening some
random .doc off the internets.

~~~
provemewrong
So how do libpdf and pdf.js fare in comparison to the likes of Adobe Reader in
terms of security? I've found that I only use those two these days, even for
offline PDFs.

------
bgilroy26
There are some targets to practice on (such as WebGoat[1]) in the answers to
this security.stackexchange question:

http://security.stackexchange.com/questions/21523/sample-vulnerable-web-apps-to-test-pentesting-platforms

[1] https://www.owasp.org/index.php/Category%3aOWASP_WebGoat_Project

~~~
icpmacdo
Thanks for the link, that is a really cool resource!

------
oneeyedpigeon
This is about 'cracking' - security exploits etc. - rather than a general
guide to web programming (which is what I expected).

