Sunday, April 10, 2011

Web security matters

Imagine working for the company providing Microsoft UK’s events registration system. It’s the beginning of summer in June 2007, and the news is filled with floods in the north of England where people have had to evacuate their homes while the rest of the country swelters in the well-above-average heat and sunshine. You fire up your Web browser just to check how your site is doing. You’ve been hacked!

It does so by illustrating the problem and showing you how bad code can be used to attack an unprotected Web site. I firmly believe this is the best way to illustrate the problem and drive home the fact that Web security is something every Web developer should keep in mind as he or she develops a new site. It may be tempting to try out some of the techniques shown on a friend’s Web site, or your company’s Web site, or even a Web site that you visit on a regular basis. I have a single word of advice about this — don’t! Hacking is illegal in the majority of countries, regardless of the intent behind it, and using any of the exploits described in this book may land you in serious trouble. Neither the author nor Wrox condone or defend anyone who attacks systems they do not own, or have not been asked to attack by the owner.

a typical layout of the hardware involved in a Web site: the client (or attacker), a firewall, the Web server, and perhaps a separate SQL server and file server to store uploaded documents. In the early days of Web security, most hacks made use of vulnerabilities in the Web server software, the operating system hosting it, or the ancillary services running on it (such as FTP or email).
