Here I am doing another project, and the main point is that it has high security requirements. Well, I know the general security principles and so on.. Can we discuss who uses what methods to protect themselves, or who has been hacked... how did they do it? Stupid answers go in a separate branch..
- A primer on vulnerabilities in web applications, as well as the most frequent developer mistakes; 12 skills for creating secure web applications - Gil
- Read the OWASP Top Ten Cheat Sheet, and everything will be fine. - Oleg Arkhipov
- None of the answers are accurate (except perhaps @construct's). Such a topic would fill a whole book. In general, do as I did: read a hacker magazine for a whole year and gradually get into it - kandi
3 answers
Basically, the key to successful hacking is a lucky coincidence. This has been repeatedly proven in practice. Of course, you can't do without knowledge and experience either :)
There are many ways to hack sites. The most common one is probably SQLi (SQL injection). This method is as old as the world, and everyone has long since learned to defend against it (SQLi scanners, secure frameworks, etc.). But you can still encounter this vulnerability in places (mainly on old sites, portals, etc.). Another hacking method (its roots go back to the early 90s) is the well-known XSS. Despite its "antiquity", information security experts claim that 9 out of 10 sites have vulnerabilities associated with code injection (XSS itself). The user @just, as I understand it, is not particularly familiar with this type of attack, since he mentioned only XSS in dynamic pages (forms). XSS is a very broad type of attack. Take, for example, DOM-based XSS. This variant allows you to inject code even into static HTML/JS pages (into the DOM structure). I would also add that all XSS attacks are divided into passive and active. It is written up reasonably well here.
Nowadays, attacks such as CSRF (a vulnerability of the hypertext transfer protocol, rooted in the early 90s), attacks based on vulnerabilities in regular expressions, and XML attacks are gaining popularity. Also, do not lose sight of attacks based on vulnerabilities in the toolkit (RoR, Yii, WordPress). For example, several new vulnerabilities that allow taking down a website appear in the WordPress engine every month (and given the multi-million audience of WordPress users, that is more than one website).
The most common attacks are XSS attacks and SQL injections. An XSS attack (cross-site scripting) is when JavaScript gets embedded into your code. This can happen when you take what the user can enter into a form and submit, and immediately display it on the page, in the HTML code. The user can simply write <script> blablabla </script> - and this script will be executed. So you need to process all data that the user enters and that is displayed on the page. SQL injection is when SQL gets embedded. This can happen when you don't check user data but use it in your SQL database query. For example, it doesn't matter in which language: you took the name variable from the user and write the database query as "SELECT * FROM BLABLABLA WHERE name =" + name. And here the user can already inject his own SQL. These are the most common vulnerabilities.
- It seems I'm already familiar with this; I have adopted the rule that everything coming from the user contains something dodgy and needs to be filtered, but the answer is cool.. I see, a normal person.. writes to the point.. who else can share something? - ukroficer
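As an added illustration of the two vulnerabilities described in the answer above (not code from the original post): the concatenated `"... WHERE name =" + name` query beside its parameterised form, and reflected user input beside its HTML-escaped form. The table, rows and inputs are constructed for the demo.

```python
import html
import sqlite3

# Constructed sample data for the demo (not from the original post).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, name):
    # The pattern from the answer: the user-controlled value is glued into the
    # query text, so a quote character in `name` changes the query's structure
    # and the WHERE clause no longer means what the developer intended.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    # Parameterised query: the driver passes `name` as data, never as SQL text,
    # so the same input can only ever match a literal user name.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def render_greeting(name):
    # Reflecting user input into HTML: escaping turns <, >, &, " and ' into
    # entities, so a submitted <script> tag is displayed as text, not executed.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    quoted_input = "x' OR '1'='1"  # constructed input containing a quote
    print(lookup_vulnerable(conn, quoted_input))  # every row comes back
    print(lookup_safe(conn, quoted_input))        # [] - no user has that name
    print(render_greeting("<script>blablabla</script>"))
```

Running the two lookups on the same quote-containing input makes a useful regression check: the parameterised version must return an empty list where the concatenated one returns the whole table.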
Both developers and hackers use the same tools. Consequently, hacking a site depends on the competence of whoever developed it. As many probably know, there are systems such as Joomla, WordPress and the like, in which many add-ons are made by third-party developers and do not always behave safely. Basically, to hack a site, the hacker tries to emulate as accurately as possible the system that is going to be broken, choosing and installing those add-ons that he could precisely identify on the site.
After installing these add-ons, there is a continuous review of the data and the executable code: searching for matches with already known and less well-known SQL injections, searching for simple programmer errors, searching for opportunities to write, upload or create an executable file on the server. An even greater role is given to the server software installed on the site, if of course that can be determined. After a detailed analysis of all the data, a decision is made about the hack and its methods. The easiest option is when you can upload an executable file to the server. Because hacking attempts are monitored by competent administrators, the hacker has only one chance. It turns out there is no possibility of doing something twice or three times. Therefore all manipulations of the site are carried out on an emulated system as close as possible to the one that will be broken. And most likely only with 100% confidence that the attempt will succeed and that the tracks can be covered does the hacker begin to act. There is another option: guessing passwords and intercepting certain network packets, which lets you completely emulate the work of a neighbour's browser (for example, in a large corporation or in an Internet cafe). Often it is simpler still: say phpMyAdmin (such folders and their derivatives are scanned for) is also left open with an open password for the admin.
With all the above, I can say that there are no unprotected systems. Many projects in the runet are written either by not very competent people or by groups of developers with varying degrees of preparation. Thus, the existence of an error, a backdoor or some other trick that makes hacking possible is almost 100%. I have always admired such people. I myself develop high-load and protected projects, and several times it happened that over a long period there were not only attempts but also real hacks of my systems; after a long analysis of the logs, errors were found in code that at the time seemed perfect.
Conclusion: if they want to, they will hack. But our task is to make this hacking incommensurate with the resources and time spent.
- There are no "unprotected systems" also because everyone spat on CSRF in the HTTP hypertext transfer protocol back in 1988. Actually, this has now surfaced. - AseN