Note: I knew I said I would post over the weekend, but I recently had to finish up a SQL project for a database class. All is well now though!
I’m back with an update on what I have learned so far with the web application book! Things are looking pretty awesome so far.
Journey of a thousand miles, single step, etc.
So far, I have a web page that asks for your name. When you type it in and submit it, this happens:
Whaaaaaat? No way.
While it certainly is not much, I’ve learned a ton so far, ranging from template interaction with Python scripts to GET and POST web requests.
The next few things I will be reading in the book are database implementation, email, and file organization for web application projects. After all that, the book has a section that teaches you how to make a blogging application. I will certainly touch on it a bit to experiment, but I want to stick to the plan of making that small game I mentioned for my personal web app (which I will then break into!).
My next post will show what else I make in the process of learning web applications. Once I am finished reading Flask Web Development, I will be summarizing all the important things I learned in creating a basic web application.
That’s all for now. Thanks for reading.
In my last post, I mentioned a small project that I wanted to do. Here is where I outline it.
The first thing I want to do is create a web application on my Raspberry Pi. While I have hosted a basic web server before, I have never touched back-end development in my life. Knowing that, I found a book that can help me with this called Flask Web Development: Developing Web Applications with Python. It covers all the basics, from creating web forms using Bootstrap to databases and so on.
The web application that I want to make will have a register-login system, and will host a basic game. Once people have registered an account, they can “host” a game and once a sufficient number of people join, then the objective of the game is as follows:
- Everyone starts with a certain number of points, probably 5 or 10.
- There is a scoreboard for everyone to see.
- Whenever someone looks at the scoreboard, they lose a point.
- Last person standing wins.
This is meant to be more of a long-term game. This also works well with people who talk to each other regularly, as it allows for fun trickery and manipulation to get others to look at the scoreboard. Of course, why not just never look at the scoreboard? Well, if that were the case, you’d never know if you’ve actually won. As a side note, I did not come up with the game idea myself. I actually found the idea on the NoSleep Podcast, which told the creepy story called “She’s Waiting in the Reflection.”
Anyhow, my next step will be reading up on The Web Application Hacker’s Handbook. That’ll be what I use to exploit my website as much as possible. What better victim to use than a website created by a web app novice?
Anyhow, that’s all I’ve got for now. I shall post progress sometime this weekend!
Yep, that’s my goal. Pentesting is a really cool and exciting field to dive into. There’s always something to learn and the satisfaction of breaking into a system is incredible. Of course, each large goal means a set of smaller goals and questions. What does pentesting consist of? How could I further myself to make obtaining a career easier?
Pentesting serves as a method of assessing the security of a company’s network and computer infrastructure. How safe is their data? What is their weakest link? Companies rely on the reports written after the exploitation phase to use as a guide on improving their security.
To further myself, books, projects, and research are certainly the way to go.
I read up on basic Wi-Fi cracking and tested it out on Kali Linux so far and it’s awesome, which is what inspired a desire to start writing this blog. Maybe if I have a way of tracking progress, it will give me a yearning to do more. Plus I have a way to geek out about it.
My first project is to create a small web pentesting lab. Essentially, I would be hosting a local web application on a Raspberry Pi, and I would try to exploit it. My next post will highlight exactly what I want to do. By the end of it, I expect to know basic back-end web development and web exploitation.
I can’t wait to construct my own lab from the ground up! Until next time.