

So how does hacking work anyway? - joshmlewis

I am more of a web designer/front-end developer with a little experience in everything else. However, I realize the potential of programming languages, but I have never quite figured out or grasped how they go from writing a nice little web app to the drastic other side of breaching a web site, climbing into their databases, hacking their email, etc. Can someone explain (and I'm sure someone on here can) how it all works? It seems to be a big secret but I want to know.
======
nbpoole
It's not a big secret at all ;)

tptacek has a list of books on Amazon, linked to from his news.yc profile,
which cover a wide range of application security topics
(<http://amzn.to/cthr46>). I own The Art of Software Security Assessment and
The Web Application Hacker's Handbook and I can vouch for them as quality
resources, although I'm not sure how accessible they would be for a beginner.

In terms of a more practical introduction, Google Gruyere is an application
deliberately built with security vulnerabilities for the purposes of learning
(<http://google-gruyere.appspot.com/>). There are plenty of other projects
along those lines: WebGoat is another good example.

~~~
joshmlewis
What languages did you start on?

~~~
nbpoole
PHP was my very first language, which in hindsight was probably a good choice
for a couple reasons:

1. It's used in a ton of web applications. It's slightly less popular than in
the past due to the influx of frameworks like Rails and Django, but a lot of
major web software (WordPress, Drupal, Joomla, MediaWiki, phpBB) still uses
it.

2. People tend to write very insecure PHP code, especially when they fail to
use a framework. Again, this is slightly less true now than it was in the
past. However, it's very common to see bad practices like:

- SQL queries generated via string concatenation

- Output escaping done manually, on a per-element basis, rather than in an
automatic, context-sensitive manner.

- File upload scripts that let you upload PHP files, or file download scripts
that accept a filename but don't sanitize against directory traversal attacks.
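
Added example, not part of the thread or any commenter's code: two of the bad practices listed above (concatenated SQL and an unchecked download filename) next to their corrected forms. The table, the function names (`find_user_concat`, `find_user_prepared`, `safe_download_path`) and the sample inputs are constructed for illustration; it assumes PHP 7.1 or later with the PDO SQLite driver.

```php
<?php
// Constructed sample data: an in-memory SQLite table with two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT)");
$db->exec("INSERT INTO users VALUES ('alice'), ('bob')");

// Bad practice: the query is built by string concatenation, so a quote
// character in $name becomes part of the SQL instead of part of the value.
function find_user_concat(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fix: a prepared statement passes the value separately from the SQL text.
function find_user_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Download helper: resolve the requested name and require the result to
// stay inside $baseDir. Returns null for missing files and for any path
// that resolves outside the base directory.
function safe_download_path(string $baseDir, string $requested): ?string {
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed input containing a quote character.
$input = "nobody' OR '1'='1";
var_dump(find_user_concat($db, $input));   // condition rewritten by the input
var_dump(find_user_prepared($db, $input)); // input compared as a literal name

// Constructed download directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_' . uniqid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.txt', 'ok');
var_dump(safe_download_path($dir, 'report.txt'));       // inside $dir
var_dump(safe_download_path($dir, '../../etc/passwd')); // outside $dir
```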

------
fmavituna
OWASP (such as testing guide) would be a good place to start or simple books
such as Innocent Code / Web hacking Exposed. Having prior experience in
server-side coding will help massively.

Just like many other professions hacking/breaking is all about practising -
you can safely hone your skills on these:
<http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/>

------
sidewinder
While most popular penetration testing books only scratch the surface of the
topic, they are still a good resource for beginners. "Gray Hat Hacking" is on
its 3rd edition and offers a good intro into many tools of the trade.
<http://amzn.com/0071742557>

------
burliest
Metasploit includes a significant quantity of reference code:
<http://www.metasploit.com/>

