Chapter 15. Web Applications and Databases

In This Chapter

  • Testing Web applications

  • Hacking with Google

  • SQL injection

  • Testing database systems

  • Countering Web application and database abuse

Web applications, like e-mail servers, are common hacker targets because they're everywhere and often open for anyone to poke around in. Basic Web sites used for marketing, contact information, document downloads, and so on are a common target for hackers (especially the script-kiddie types). However, for criminal hackers, Web sites that provide a front end to databases that store valuable information, like credit card and Social Security numbers, are especially attractive. This is where the money is, both literally and figuratively.

Why are Web applications and databases so vulnerable? The general consensus is that they're vulnerable because of poor software development and testing practices. Sound familiar? It should; this is the same problem that affects operating systems and practically all computer systems. This is the side effect of relying on software compilers to perform error checking, waning user demand for higher-quality software, and emphasizing time-to-market instead of security and stability.

This chapter presents Web application and associated database hacks to run on your systems. Given all the custom software and database configuration possibilities, you can test for literally thousands of Web and database vulnerabilities, but I focus on the ones I see most often. I also outline countermeasures ...

Get Hacking For Dummies®, 2nd Edition now with the O’Reilly learning platform.