Hacking the Web

Aug 14 2011 2:00 PM
XSS Attacks | SQL Injections | DDOS Attacks | Javascript | PHP | MySQL | Hacking

Hacking seems to be a common occurrence nowadays. While it seems to be a complicated process, in reality it is mostly simple hacks that result in tremendous damage, cost, and loss of data.

Two Types of Web Hacks

XSS and SQL Injections. There are obviously more, such as DDOS attacks, but those are short-term.

What are they?

XSS is simply inserting Javascript into a page. An example of this is a simple alert.

<script>alert("Hi!");</script>

SQL Injections cover a wider range of possibilities. They can allow an attacker to delete an entire database, to dump sensitive information, or even to log in as an administrator.

How do you prevent these?

XSS tends to be the hardest to combat, as you have to filter out harmful HTML tags while leaving everything else alone. PHP has some built-in functions, but these tend to fall short in certain complex situations. It is often recommended to stay away from regex for this filtering and instead to use a library like HTMLPurifier. On its site you can see a wide array of methods for handling XSS issues. HTMLPurifier is somewhat slow, but if you are dealing with possibly hostile input it is highly recommended.

SQL Injections tend to be extremely easy to filter out. In PHP, mysql_real_escape_string on a query can go a LONG way. It may not cover every end of the spectrum, but it will stop 99% of the small-to-medium hackers.

How to start?

Simple - Find the holes.

REQUEST, POST, GET

In a website we have several methods of interaction with users, ranging from GET/REQUEST variables to POST variables. In PHP, REQUEST handles both the GET and POST variables. Bad coding designs use the REQUEST format. This allows hackers to use either one, versus having to take an initial guess at one or the other. While REQUEST does have its place in the world, if you are coding a serious app DO NOT USE IT.

From here, if you are looking at, for instance, a simple login form, look to see what hidden input fields exist. These can be easily viewed using the Firefox Web Developer extension by choosing "Display Hidden Elements."

Testing for the holes...

Some sites have redirect parameters hidden in the page. If the page handles GET, you can pass a value in the URL with something as simple as:

http://example.com/login.php?redirect=TEST

If this changes the hidden input's value, you have found a great hole for an XSS attack!

Now the challenge is to figure out whether they are filtering out HTML on the variable "redirect." While it seems obvious to filter this out, it is not the easiest thing to prevent.

http://example.com/login.php?redirect="><ScRipT>alert("hi!");</script>

The above basically closes out the "redirect" hidden input and opens a javascript statement. If they are not filtering out HTML characters such as "> it will be immediately obvious. The second part of this story is a real incident: at first it was mostly for fun, and then people abused it to literally redirect people to porn sites, since people can tweet globally and target specific tags. This ended up being one of the biggest uproars ever... In short, it led to a widespread check of all sites for XSS issues.

In the end, XSS really doesn't pose much of a threat for most websites, but it should always be checked for when filtering inputs where people can save posts and the like.

SQL Injections: when and where?

These are the one type of hack to be wary of, as they can be extremely costly. Using methods similar to those above, you can easily test for holes. Login scripts tend to be the best place to start. A simple way around certain systems is to place inside the "Login Name/Email" field something as simple as:

admin' OR 1=1

As long as they are not escaping single quotes with slashes or filtering this out, you have a back door... Chances are they will have stronger security measures on this part than on the rest of the site, so look for a process page or a section that handles simple functions and is obviously pulling data from a database, such as a search.
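The prevention section above and the login-form hole just described come down to the same two fixes. The following is an added PHP example, not code from the original post: the login query built by string concatenation beside a prepared-statement version, and the "redirect" hidden input escaped on output and restricted to a local path. The users table, its columns, the DSN and the use of password hashes are assumptions.

```php
<?php
// Added example (not from the original post). Table `users`, its columns
// `id`, `name`, `pass_hash`, and the DSN below are assumptions.
declare(strict_types=1);

// Vulnerable pattern the post warns about: the submitted name is pasted
// straight into SQL, so a value like  admin' OR 1=1  rewrites the WHERE clause.
function buildVulnerableQuery(string $name, string $pass): string
{
    return "SELECT id FROM users WHERE name = '$name' AND pass = '$pass'";
}

// Hardened form: a prepared statement sends the submitted text as data, so a
// quote or OR 1=1 never reaches the SQL parser as syntax. The password is
// checked against a stored hash instead of being put into the query at all.
function findUser(PDO $db, string $name, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// The "redirect" hidden input: only accept a local path (a leading "/" but
// not "//", which browsers treat as a protocol-relative URL), then escape on
// output so a value containing "> cannot close the attribute or the tag.
function safeRedirectInput(string $redirect): string
{
    if (!preg_match('#^/(?!/)[A-Za-z0-9_/.-]*$#', $redirect)) {
        $redirect = '/';   // anything else falls back to the site root
    }
    $value = htmlspecialchars($redirect, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="redirect" value="' . $value . '">';
}

// Usage: read $_POST / $_GET explicitly rather than $_REQUEST, as the post
// advises. Emulated prepares are switched off so MySQL does the binding.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$userId = findUser($db, $_POST['name'] ?? '', $_POST['pass'] ?? '');
echo safeRedirectInput($_GET['redirect'] ?? '/');
```

With the hardened version, submitting admin' OR 1=1 as the name simply looks up a user literally called that and finds nothing, and passing "><ScRipT>... as the redirect value is rejected by the path check and would in any case be emitted as harmless &quot;&gt;&lt;ScRipT&gt; text.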

Recommendations

Understand Javascript and your database query structures. Realize that nothing is ever safe... Don't think about security after the fact; add more time to your projects to allow for security. Make sure your employer and clients understand that when dealing with user interaction, not everyone who comes to the site is honest; some may be trying to cause HARM.

The best approach is to treat everyone who comes to your site as hostile. If you do not use best coding practices, you are looking at potential security risks.
