So how does hacking work anyway?

20 points by joshmlewis ↗ HN
I am more of a web designer/front-end developer with a little experience in everything else. However I realize the potential of programming languages but I have never quite figured out or grasped how they go from writing a nice little web app to the drastic other side of breaching a web site, climbing into their databases, hacking their email, etc.. Can someone explain (and I'm sure someone on here can) how it all works? It seems to be a big secret but I want to know.

8 comments

[ 3.1 ms ] story [ 35.9 ms ] thread
While most popular penetration testing books only scratch the surface of the topic, they are still a good resource for beginners. "Gray Hat Hacking" is on it's 3rd edition and offers of good intro into many tools of the trade. http://amzn.com/0071742557
It's not a big secret at all ;)

tptacek has a list of books on Amazon, linked to from his news.yc profile, which cover a wide range of application security topics (http://amzn.to/cthr46). I own The Art of Software Security Assessment and The Web Application Hacker's Handbook and I can vouch for them as quality resources, although I'm not sure how accessible they would be for a beginner.

In terms of a more practical introduction, Google Gruyere is an application deliberately built with security vulnerabilities for the purposes of learning (http://google-gruyere.appspot.com/). There are plenty of other projects along those lines: WebGoat is another good example.

What languages did you start on?
PHP was my very first language, which in hindsight was probably a good choice for a couple reasons:

1. It's used in a ton of web applications. It's slightly less popular than in the past due to the influx of frameworks like Rails and Django, but a lot of major web software (Wordpress, Drupal, Joomla, MediaWiki, phpBB) still uses it.

2. People tend to write very insecure PHP code, especially when they fail to use a framework. Again, this is slightly less true now than it was in the past. However, it's very common to see bad practices like:

- SQL queries generated via string concatenation

- Output escaping done manually, on a per-element basis, rather than in an automatic, context-sensitive manner.

- File upload scripts that let you upload PHP files, or file download scripts that accept a filename but don't sanitize against directory traversal attacks.

(comment deleted)
OWASP (such as testing guide) would be a good place to start or simple books such as Innocent Code / Web hacking Exposed. Having prior experience in server-side coding will help massively.

Just like many other professions hacking/breaking is all about practising - you can safely hone your skills on these : http://ha.ckers.org/blog/20090406/hacking-without-all-the-ja...