With the rise of server-side scripting technologies, the technical possibilities for web-based applications became almost infinite. More and more companies offer web-based services to their customers. Commonly used e-commerce tasks such as order tracking, stock view, online sales,… are now available online to the customer. Setting aside the investment that accompanies the creation of these applications, the advantages are numerous. The biggest advantage is, beyond any doubt, the ‘available on demand’ property of these applications. The customer is no longer bound to the opening hours of a helpdesk.
Because most of these web-based applications access a part of the company’s internal software infrastructure, security has become a very important issue. Most sites provide a login to prevent unauthorized access to their application. However, most login validation systems are very amateurish and can be bypassed very easily. If the online access portal gives direct access to the company’s administration software, the effects of a visit by a malicious user can be devastating.
The purpose of this article is to point out some of the most common methods of hacking websites, and how you can prevent them on your website.