WEB Application Security Tester TOOLKIT
I think that if you want to become a WAST (Web App Security Tester / Pen Tester), you have to have:
1. Knowledge (experience) of at least one web application development programming and/or scripting language, such as Java, C#, VB, Perl, PHP, Ruby, Python, etc., plus JavaScript and markup languages such as HTML, DHTML, XML, XHTML, etc.
2. Knowledge of Web Services (WSDL, SOAP, AWS, ...)
3. Knowledge of Web basics such as Web servers, Web clients, related ports, protocols (TCP/IP), HTTP, HTTPS, URL, URI, SSL, Web proxies, etc.
4. Knowledge of different OSs (Windows, Linux)
5. Knowledge of Web server types (IIS, Apache, Nginx, ...)
6. Knowledge of SQL and database and data store systems (MS SQL, MySQL, Oracle, etc.)
7. Knowledge of authentication systems (Basic, NTLM, Kerberos, etc.)
8. Andddddd tools:
BackTrack (it is the HOLY TOOL of WASTs)
VMware (or another virtual system; don't harm yourself and others)
Burp (it is awesome, I'll tell you how)
HP WebInspect (it is also good)
Web Developer
Tamper Data
HP Scrawlr
SQLiX
Paros Proxy
IBM Rational AppScan
Firefox extensions/add-ons, etc.
We will talk about all of those and other tools a little later. :(
See you later.