Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Webappsec at university
Posted by: DoctorDan
Date: April 30, 2008 07:46PM

Hey, I know a lot of us are at, nearly at, or barely out of university. Right now I'm basically looking into how I can find a teacher and gain a strong hold on webappsec, running servers, and the HTTP in general while in college. I certainly have experience with all these things, but I'm at the point where I need to interact in person with other hackers/professors who are more experienced than me. So, I'm looking for some courses at uni. Unfortunately a lot of the ones that I feel like I would be comfortable in have prerequisites (ones I rather wouldn't take). Are there any fundamental classes that I definitely SHOULD have (Data Structures, etc)? Basically I'm just asking for some suggestions with this process, or if anyone has had a similar experience. Also, did you meet many other hackers at university?

Thanks!
-Dan

Re: Webappsec at university
Date: April 30, 2008 08:38PM

Unfortunately you'll probably have to take the prerequisite courses before you get to do anything "fun" or interesting, but in my own personal experience I've come across few individuals who know much about web application security. My own professor told me I know more about it than they do. At least next semester I'm going to take Assembly, which I'm looking forward to.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Webappsec at university
Posted by: istari
Date: April 30, 2008 08:46PM

What kind of prerequisites are you talking about? I'm just curious: basic CS stuff? Math stuff?

Re: Webappsec at university
Posted by: DoctorDan
Date: May 01, 2008 10:39AM

Thanks, Andrew
istari, most of the prereqs are intro CS classes, often to get people familiar with programming and computer basics.

Re: Webappsec at university
Posted by: Matt Presson
Date: May 01, 2008 12:07PM

You need all the knowledge in those prereq classes if you are ever going to understand what is going on behind the scenes when you are poking at an application. Without that knowledge, you will have no idea how to attack the app or change an attack based on responses you get from the application. Without this knowledge you become a script kiddie who really doesn't understand why an attack works.

You don't always have to understand every nuance of an attack, but you at least should have a general idea of how and why it works.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: Webappsec at university
Posted by: DoctorDan
Date: May 01, 2008 08:51PM

Trust me, I'm the type of person that does love to know every nuance of an attack. In math, or webappsec, or almost anything, I feel horrible implementing something I don't completely understand- it just bothers me.

I wondered about how much I would actually get out of prereqs, or if I already have a decent background. I simply don't know where I stand in that respect. It wouldn't bother me much to take them, but there's so much I want to study in college that I really want to have many open credits so I can take the classes I'm really interested in. Haha, I'll probably just take them to be safe anyways.

Re: Webappsec at university
Posted by: Matt Presson
Date: May 02, 2008 08:41AM

Understanding every nuance of an attack is a good thing, but just be sure not to get caught up in the details and "miss the forest for the trees".

I hope you learn everything you can about security in the college you are attending, because I certainly didn't. Looking back, security was mentioned in one class "Computer Security" and it focused more on encryption algorithms, security models for OSes, and the like. Application security, not even mentioned that I can remember.

As a side note, it is kind of funny because I now work for a large corporation in the US in the application security division of information security. If you would like to get a good book on application security, "The Web Application Hacker's Handbook" is a good one. It is written, in part, by portswigger and really goes into the different stages of an application attack. It was invaluable to me when first starting out.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: Webappsec at university
Posted by: thrill
Date: May 02, 2008 11:27AM

I've never understood why universities force students to take basic courses they sometimes do not need. It would be a lot more beneficial for the student to be 'tested' to see if he understands enough about the course they're trying to force him to take so that he may skip it and go to something that really interests the student.

When I was 'forced' to take Pascal in my college it caused me to get completely bored with school, so I went out and got married instead.. if I had been allowed to pass go and collect $200, I may have gotten my degree because I would have remained interested in learning what they were teaching, rather than learning whatever I could learn in the real world.

EDIT: I guess the reason they do this is because they're not really trying to teach you anything you would like, they're just teaching you how to follow what others tell you to do so you can be a nice sheep in the bizniz world.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill



Edited 1 time(s). Last edit at 05/02/2008 11:28AM by thrill.

Re: Webappsec at university
Posted by: id
Date: May 02, 2008 12:48PM

"Pascal made me get married, and ruined my life"

I bet you're not the first.

-id

Re: Webappsec at university
Posted by: thrill
Date: May 02, 2008 03:20PM

Quote

"Pascal made me get married, and ruined my life"

And to think I would have avoided meeting you if I had gotten my degree. Then I would just be one of your silent admirers.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Webappsec at university
Posted by: DoctorDan
Date: May 02, 2008 05:25PM

Matt, I was reading it about 20 minutes ago :P
Yeah, it's a great resource! I can't believe application security plays no major role in any courses. I mean, where do people actually learn to develop web applications and truly understand the HTTP and its implications? All the best seem to be very much self-taught. How did you professionals get to where you are now? And thrill, thanks for warning me- I'll be wary of marriage.

Re: Webappsec at university
Posted by: tx
Date: May 02, 2008 07:08PM

@DoctorDan: I'm self taught, and thinking about it, pretty much every other web developer I know was/is too. Not that there aren't a fair amount of CS degrees in that group, it's just that a BS in CS doesn't really seem to prepare one for web application development. Although my knowledge on what a CS degree prepares you for is limited: I dropped out of my CS degree after my professor downgraded a program I had written because I created my own class...

(for the record, the class the prof was teaching was the lab for Introduction to Object Oriented Programming and the language was Java... <sarcasm>so I can totally understand him giving me a 'D' for using a class. I was obviously stupid in my younger days, lol</sarcasm>).

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 05/02/2008 07:09PM by tx.

Re: Webappsec at university
Posted by: DoctorDan
Date: May 02, 2008 07:44PM

<sarc>How dare you create a class in an OOP course!!! Man, what's wrong with you, tx</sarc> :P
I hope that's not what CS is going to be like in general...



Edited 1 time(s). Last edit at 05/02/2008 07:45PM by DoctorDan.

Re: Webappsec at university
Posted by: tx
Date: May 02, 2008 10:15PM

Again, for the record, I was a bit of an asshole in those days (not that I'm not now). He actually gave me a warning about using a class (it was a simplified model of some POS software [point-of-sale not piece-of-shit] and when I turned it in I used a class to represent a saleable 'item', with its various attributes), but instead of rewriting my code procedurally I used both versions of the code; if you wanted to run the prof's version you had to add an argument like '--stupid' (or something like that) to the command. So I was very much tempting fate...

I guess I'm saying, a CS degree is probably worth it even though a significant portion of what you'll learn isn't _directly_ applicable to what you'll probably end up doing when you graduate.

The $ goes to the people that are willing to continually push themselves to learn once they are out of school and are willing to make clients pay for that knowledge.

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 05/02/2008 10:16PM by tx.

Re: Webappsec at university
Posted by: thornmaker
Date: May 02, 2008 11:00PM

@doctordan: regarding prereqs, if you feel they are unneeded, talk to the teacher of the class you want to take ahead of time and explain your situation. most professors will be reasonable and will let you in the class if they think you know the prereq material already.
