WWW Web Site Security
WWW Web Site Security and you the Developer are the risk.
I know, you’re the best at Photoshop and you crank out some of the best layouts online today.
You might even be the hotdog PHP or .Net programmer that everyone wants to be like.
I know you are the best at what you do. Your website clearly shows some great examples and you have been doing websites for years. I agree you are the Best Mouse in Town! (keep reading)
But no matter what you do and how good you are there is always someone better and sometimes they aren’t looking at your website as something really cool to read but more like something really cool to hack.
Before I go into some specific topics I should offer up a disclaimer about security.
First, there is no single way to protect your website from attacks so get the idea out of your head that your weakest code line will go unnoticed forever.
SQL is one of my main topics but I also like the PHP scripts that are often run on my sites. Now, typically I don’t offer up my code solutions but I do offer the code ideas for developers to review. You might find my ideas are all garbage and that's fine, just leave me your URLs so I can monitor when your main page changes and is mirrored on Zone-H.Org. (You just have to admire the guts.) I used to follow the score cards in forums but the past couple of years it's been hard to find them. Must be something in the water, in any case it’s always good to review a few good old fashioned fun sites to find out if your base code might be part of some competition.
You should now have a good idea of what’s going to be posted in this section.
I'll have detection scripts and ideas as well as test and monitoring scripts that you can use.
It's a cat vs. mouse game and if you’re a web site developer you're not the cat.
Thursday Aug 18 2011
Your query string data like 999999.9 union all select 0x31303235343830303536— I was actually wondering when my next SQL Injection attack would be. I updated a few scripts and for the life of me I lost all my old SQL Net-Mistakes. But I knew the internet wouldn't let me down. One Net Mistake came in to help me test.
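A detection sketch for the kind of query string quoted above, added here as an example and not the author's own script: it URL-decodes the query (including double encoding), flags `union [all] select`, and decodes any hex literal so you can see the marker the probe is looking for. The request paths, parameter names and the trailing `--` comment marker in the samples are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# "union [all] select" with whitespace or inline /* */ comments between the words.
GAP = r"(?:\s|/\*.*?\*/)+"
UNION_SELECT = re.compile(r"union" + GAP + r"(?:all" + GAP + r")?select", re.I | re.S)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2})+)", re.I)

def decode_query(url, rounds=3):
    """Return the query string, URL-decoded repeatedly to undo double encoding."""
    query = urlsplit(url).query
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def inspect_request(url):
    """Return None for a clean request, else the decoded query and hex markers."""
    query = decode_query(url)
    if not UNION_SELECT.search(query):
        return None
    markers = [bytes.fromhex(m.group(1)).decode("ascii", errors="replace")
               for m in HEX_LITERAL.finditer(query)]
    return {"query": query, "markers": markers}

# Constructed sample requests (hypothetical paths and parameter names).
SAMPLE_REQUESTS = [
    "/item.php?id=42",
    "/item.php?id=999999.9+union+all+select+0x31303235343830303536--",
    "/item.php?id=999999.9%2520UNION%2520ALL%2520SELECT%25200x31303235343830303536--",
    "/search.php?q=student+union+all+events",  # benign: no SELECT after UNION
]

def scan(requests):
    """Map each flagged request to the marker strings decoded from its hex literals."""
    hits = {}
    for url in requests:
        finding = inspect_request(url)
        if finding:
            hits[url] = finding["markers"]
    return hits

if __name__ == "__main__":
    for url, markers in scan(SAMPLE_REQUESTS).items():
        print("SQLi probe:", url, "markers:", markers)
```

The decoded marker is worth logging alongside the request: if that same string ever shows up in a response body, the injected SELECT was executed and the page is vulnerable, not just probed.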