On Hacking: How To Prevent

-
Hacking is the biggest threat in the web environment nowadays with millions of attacks daily to major sites such as Google, Yahoo!, and mostly Microsoft. Being a website developer, I need to learn how to hack and how to have the hacker way of thinking. What for? Simple. I need to know the vulnerabilities of the web I'm developing. This is mostly known as ethical hacking.

There are various hacking methods that people use nowadays. Here are some examples:

XSS/CSS (Cross-Site Scripting)
This attack exploits people's ignorance towards the links they're clicking. The link can redirect to another site aimed at getting important information. So, you might want to be careful and check before you click. This is also known as exploit and this problem is still faced by big players like Facebook, MySpace, etc.

Brute Force Attack
This is the most traditional hacking attempt known by mankind. The attack is simple, the hacker will input a large number of possible password combination and wait untuil the ID unlocks. Nowadays, this attack is automized so the hacker can wait and relax. To prevent this you can limit the number of bad login attempts before the account is locked. Another way to do this is by setting specific time interval between bad login attempts. This way, brute force attacker can not put a lot of combinations at one time and preventing them from accessing the site.

SQL Injection
This is also an old form of hacking attacks. Doing it is simply by inserting parts of SQL string that would resulted in valid conditions. The below string can be used for example:
' OR 1=1;--
The string works well for MySQL database and will set whatever condition you state for SQL query to always be true. To prevent it simply filter the input and treat it not as part of the query string but as text input to get results.

Social Engineering
Putting your information on the internet? Be careful because hackers attack with social engineering. Using the information found on the net, hackers can create your profile and gain advantage from it. For example, knowing your birthday can indicate a password possibility of getting your password because if you're not aware of how to make a good password, usually your birthday is the easiest password to use. Well, that and your mom's name hehe. They can also act and try being your frined to gather the info. So, the only way to prevent it from happening is by limiting you information exposed publicly in the net and also be careful when befriending someone online.

Of course there are many things you can do to hack. If you can do it, do ethical hacking instead of destructive acking. Why? You'll get more money and you dont have to be afraid of the cops. So, happy learning guys and be careful on the net. It's a warzone out there.

Regards

-E-

Follow @femmerling on twitter


The information in this blog post are just basic information and concepts. For complete undrestanding, try googling ethical hacking and learn or get a training. I support ethical hacking!!

Comments

Post a Comment

Popular posts from this blog

Customizing Sanic's Logging output on Gunicorn

-
For those of you who didn't know, Sanic is a Python 3.6+ web server and web framework that’s written to go fast. It allows the usage of the async/await syntax added in Python 3.5, which makes your code non-blocking and speedy. Sanic's API is highly influenced by Flask and the API is really good. I worked on a personal project lately and found out that doing custom logging on Sanic is quite hard. You don't get a lot of information from Sanic's logging library and since it's based on the default Python 3 logging library , the information it provides is limited. My initial thought was since I will use Gunicorn, let's use Gunicorn's --access-logformat to get the information I needed. The functionality provided a lot of information and I can make use of it to get what I need. However, when you use Sanic Gunicorn Worker, which you need to use to make it work on Gunicorn, it will only use Sanic's logging output. I did a lot of googling and it seems like a lo
Read more

5 Takeaways From My Past 5 Years With Coral, Prism, Midtrans and Gojek

-
Image
A little over 5 years ago, I decided to resign from Traveloka and joined hands with my friends to help build Coral. It was an exciting project. I have a big interest in the social commerce space and Coral seemed to be a very good take at it. We built it, launched it, learned from it and in the end decided that the business model will not be sustainable. Our experiment was evidently working. Merchant's conversion rate reached over 20% on our platform but we couldn't monetise it. Then we took the decision to pivot. We took the best part of Coral, the chat-to-buy capability, and breathe life into Prism. The product helped businesses dive head first into the social commerce space with their existing platforms. One thing that a lot of people don't know was that Coral and Prism was part of Midtrans from early on. It was acquired before launch. This enabled us to do the experiment without worrying about funding. Gojek acquired Midtrans during the closing days of 2017 and Prism w
Read more

Lessons From Leading and Developing Product Engineering Teams - Part 1

-
Image
The WFH period gives me extra time to think and reflect back on the lessons I’ve gained throughout my 15+ years career. I spent most of it leading others and I've gathered a lot of practical knowledge. I want to share it to help others learning to take up leadership. So, here are some important lessons about leading people based on my experience. It's a long read, so please bear with me, I'll split it into 3 parts. #1 - It all starts with trust Hire people you can trust. This brings a world of difference to the team dynamics. On every interview, I always ask myself the following questions. Can I trust this person? Will this person help the other team members? When I am confident to hire someone, it means that I trust that person enough to work with the other team members. The mindset I establish would always be Trusted, until proven otherwise. I mean, why would you even hire someone you can't trust? I've seen a lot of people hiring people but are too afraid to trust
Read more