The internet is growing faster than ever and it probably will not stop growing in the near future. The same applies to web applications. Each day there are thousands of new web applications, and they are becoming more and more important. More companies rely heavily on them, so it is extremely important to secure them properly. By understanding how to hack them you will understand how to secure them.
As with everything, hacking web applications is about experience and knowledge. That is the reason why I want to show you how and where you can learn about it.
Legal Web Hacking sites
There are several good web sites where you can learn about hacking web sites. I do not want to go into detail since I already listed most of them in the first and second parts of my learning how to hack article.
Learning Web Hacking Through Programs
If you want to learn to hack web applications, I recommend you download Webgoat. Webgoat was created by OWASP. You can download it for free on OWASP’s web site. After downloading it you need to extract the zip file. Then double-click on the webgoat.bat file. Running Webgoat makes your computer more vulnerable, so I recommend that you unplug your network cable so you do not have access to the internet. Afterwards open up a browser, browse to http://localhost/WebGoat/attack and enter “guest” as username and password. You should now see something similar to the picture below. On the left side of the page you can select the different things you want to learn. Clicking “Hints”, at the top of the page, will help you with the challenge when you are stuck.
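The reason for unplugging the cable is that a deliberately vulnerable server may listen on every network interface, not just on localhost. The following is an added example, not part of the original article or of WebGoat: it reads Windows `netstat -an` output and reports whether a port is bound to loopback only. Port 80 is an assumption taken from the URL above, which names no port, and the sample output is constructed.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9001         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    [::1]:5357             [::]:0                 LISTENING
"""

# Matches only TCP rows in the LISTENING state: local address, local port.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listeners(netstat_text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Drop IPv6 brackets and any zone id such as %12.
            host = m.group(1).strip("[]").split("%")[0]
            yield ipaddress.ip_address(host), int(m.group(2))


def exposed_listeners(netstat_text, port):
    """Return bind addresses on `port` that other machines could reach."""
    return sorted(
        str(addr) for addr, p in listeners(netstat_text)
        if p == port and not addr.is_loopback
    )


def is_loopback_only(netstat_text, port):
    """True only if something listens on `port` and every listener is loopback."""
    addrs = [addr for addr, p in listeners(netstat_text) if p == port]
    return bool(addrs) and all(a.is_loopback for a in addrs)


if __name__ == "__main__":
    for port in (80, 9001):  # 80 is assumed from the article's URL
        print(port, "loopback only:", is_loopback_only(SAMPLE_NETSTAT, port),
              "exposed on:", exposed_listeners(SAMPLE_NETSTAT, port))
```

In the constructed sample, port 80 is bound to `0.0.0.0` and `::`, so it would be reachable from the network; that is the situation in which disconnecting the cable matters.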