Social Network for Web Professionals

Webmaster Blog

Members blog at WebmaisterPro. Covering topics related to online marketing, SEO, web development as well as software reviews.

Learn How Hackers Find Security Vulnerabilities. Web Application Security

In the last couple of months there were a lot of treads related to web and application security, many government websites were hacked. The list of big company websites that were under attack is lengthy, but I will just mention few – Sony, Nintendo, Sega and there were so many treads for Facebook, so even biggest names in the business can be vulnerable to hackers.


Nobody is 100% assured that even managing low to mid-profile website will not become a target to hackers. I’ve seen many times small websites of my customers being attacked and once spotted; hackers become persistent and try over and over again.  Recommended practice - close all potential security holes and even pay some extra money for DDoS attack protection.
Today’s web is so complicated and more often web developers are developing website with cross-site scripting which open many doors like privilege elevation tricks, database injection, cookie exploits, Ajax vulnerabilities and more.


Learning all about web security requires a lot of reading – book, forums, security guides and of course constant communication with other web developers. If you website is based on some of the top CMS like WordPress, Joomla or Drupal, most likely community will take care for all possible problems, however you can do this on your own and also contribute this knowledge to the community.
Google recently introduced project called Gruyere – simple web app that enables you to enter some data and store some assorted files. Learn through practice to prevent website security vulnerabilities. Gruyere app comes with pre-build security holes of any kind and Google’s CodeLab acting as a tutorial, step by step through each practical exercise.  Some of the exercises are very complex, however most are easy to understand for developers that have good knowledge of JavaScript and HTML.

Getting Started with Gruyere

  1. Every single Gruyere user have own instance of their application, so there won’t be any conflicts with other user applications. So create account, however a good practice is using different that regular username and password as this is not practice.
  2. Of course you start and Home page. Look various URLS; you can see that you can enter HTML into New Snippet box.
  3. Main Gruyere page is a good resource, so every time you stuck somewhere, each section will help you with explanations for particular exploits, so you can be back to demo app after that.
  4. Good practice is to try to figure out each challenge on your own, without looking at the hints first. Of course if you are completely clueless – click Hint->Exploit and Fixes and you will find the solution for this particular problem.

I really like this practical way of learning more about web application security, definitely a great way to learn more about web security. Just an advice, if you really interested to learn more don’t just start and stop at Gruyere, there are many resources online that can help you learn more.

Rate this blog entry:
1
Fancy CSS3 button
Top 5 eBook Applications

Related Posts

Comments

 
No comments yet
Already Registered? Login Here
Guest
Wednesday, 28 October 2020
If you'd like to register, please fill in the username and name fields.

Captcha Image