From: mailing lists (bofn@irq.org)
Date: Sun Oct 08 2006 - 06:30:10 EDT
*This message was transferred with a trial version of CommuniGate(tm) Pro*
On Sat, 7 Oct 2006 08:50:11 -0700 (PDT)
Shahin Ansari <zohal52@yahoo.com> wrote:
> Hi
> Where would you say one can learn more about this profession ethically? How and what
tools should they use? Also do you know where I can get GCIH? I know you do not
approve, but I am new.
> Sean
i've read the first chapters some of the sold as Best certification course books, and
found too many mistakes, false assumptions and bad logic in them.
they look like 'cut, alter & paste' work from the Orange Book from the mid 80's, or a
stack of random articles.
my advice would be, First learn how things work, before you read books and articles on
how to 'break' them.
if you dont know how the HTTP protocol works with all its funky commands and options,
then you can only repeat the few tricks, and will not see a lot of the the site specific
issues.
automated tests are a nice tool to speed up things, but no replacement for eyes, brain
and keyboard.
Cheers
*Anna
-- "The power of accurate observation is frequently called cynicism by those who don't have it." ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:09 EDT