Hack Proofing Your Web Applications

You are probably familiar with the attacks of February 2000 on eBay, Yahoo, Amazon, as well as other major e-commerce and non e-commerce Web sites. Those attacks were all Distributed Denial of Service (DDoS) attacks, and all occurred at the server level. Those same attacks moved hacking to center stage in the IT community and in the press. With that spotlight comes an increased awareness by information security specialists, project managers, and other IT professionals. More and more companies are looking to tighten up security. As a result, hackers have become more creative and more talented, raising the bar on security from not only a network administration standpoint, but also from an applications development standpoint.
To go about creating a defense, you must try to approach an understanding of where these attacks could originate, from whom, and why they would target you. You will learn in this book that your systems and applications can be targeted or chosen randomly, so your defense strategy must be as comprehensive as possible and under constant evaluation. If you can test and evaluate your programs by emulating attacks, you will be more capable of finding vulnerabilities before an uninvited guest does so.
Hackers range from inexperienced vandals just showing off by defacing your site to master hackers who will compromise your databases for possible financial gain. All of them may attain some kind of public infamy.
Just say the name Kevin Mitnick to anyone in the Internet world, and they instantly recognize his name. Mitnick served...