Web Application Security

WEEK7

 In week 7 we learned about web application security, in other words how to hack web sites and figure out their vulnerabilities. We were shown different types of hacking techniques like Cross Site Scripting which will allow you to inject the website with some HTML code, or with some bad programming you could even inject SQL injections. After examples of the SQL injections we learned about Cross Site Request Forgery which in the worst case scenario, could cause a person to transfer money to another bank account instead of theirs. That was then the end of class but he gave us a program to download so that we can try out some vulnerabilities and learn about others. We used Mutillidae and XAMPP to generate a web page in our VM. We then had to hack the web page beginning with the username and password, which if you put "' or 1=1 -- " in the username you we granted admin access. We then used google and infromation from the web page to try out mode hacking codes and injections. Seeing this makes me feel very uneasy about the internet because if the programmer is not well experienced, your website could be hacked, changed, or even shut down. :/


Scott Dawe