the right way to learn websites hacking

[tiger_aea]

hi
iam beginner php programmer i am trying to learn who to build websites by laravel php framework.

but plz can you tell me if i can learn php beside learn websites hacking at the same time and reach to a good point in both after 3 years ??
so about resources plz suggest me what i should learn beside OWASP
i hope to tell me if you were me how you will start 

[Lenoch]

As a beginner you should better not touch Laravel right away. Especially if you want to learn it in while learning to find vulnerabilities. Laravel abstracts PHP too much. All the code that sanitizes your data is hidden in Eloquent or the Authentication Module and you will never be in contact with Security except maybe the encryption methods to store passwords

I recommend you start with simple one file scripts. try to look what happens when you don't use htmlspecialchars() on user inputted code. (Tip: try <script>alert("hello");</script>) and understand the dangers. And learn what goes wrong in the code for all other type of security flaws.

When you are confident in basic PHP and want to write a Web application, Go for Laravel. I use it myself and I think it's an awesome framework.

[tiger_aea]

thx for reply
In fact i am not beginner at this point i can write simple scripts without any framework also i am using linux and i think i have a good information to start but i think i am still beginner so sorry for misunderstanding .
plz if you see that's enough answer my questions above.

[iTpHo3NiX]

As lenoch stated, a framework isn't a good way to understand to code and finding exploits, especially large frameworks such as laravel as they have many eyes on it to harden the code. Learn basic php scripting and databases, how PHP speaks with databases and commen mistakes website developers make that can open up SQLi, XSS, RFI, LFI and others. A good foundation of PHP will also make utilizing frameworks much easier.

Good luck on your journey and I think 3 years is a decent time frame to explore what you want. BTW, welcome to EvilZone.

+1 Lenoch for the valuable input

[tiger_aea]

As lenoch stated, a framework isn't a good way to understand to code and finding exploits, especially large frameworks such as laravel as they have many eyes on it to harden the code. Learn basic php scripting and databases, how PHP speaks with databases and comments mistakes or web developers make that can open up SQLi, XSS, RFI, LFI and others. A good foundation of PHP will also make utilizing frameworks much easier.

Good luck on your journey and I think 3 years is a decent time frame to explore what you want. BTW, welcome to EvilZone.

+1 Lenoch for the valuable input

but i want to learn both programming with laravel framework beside website hacking and i will learn php core in the same time  can i reach to a good point in both after 3 years .
can i learn both in the same time or i should learn laravel after that websites hacking Or vice versa?

Thx you ^_^

[iTpHo3NiX]

but i want to learn both programming with laravel framework beside website hacking and i will learn php core in the same time  can i reach to a good point in both after 3 years .
can i learn both in the same time or i should learn laravel after that websites hacking Or vice versa?

Thx you ^_^

Those are completely separate goals, and if you feel that you could learn both at the same time go ahead, you asked for our input and we gave it. We said learn core php and common web exploitation techniques prior to utilizing and learning a framework. By all means do whatever you want, but don't ask for advise if you're not going to listen to it.

[tiger_aea]

Those are completely separate goals, and if you feel that you could learn both at the same time go ahead, you asked for our input and we gave it. We said learn core php and common web exploitation techniques prior to utilizing and learning a framework. By all means do whatever you want, but don't ask for advise if you're not going to listen to it.

i am so sorry, your comments was so valuable to me but my last question about a time to learn both at the same time  i don't know maybe because i am not good at english causing misunderstand

thx again :$ .