harriyott.com

I'm on my way back from an excellent VBUG session. Barry Dorrans demonstrated a worrying number of website hacks, from cross-site scripting to SQL injection attacks and search engine leaks. This is the same presentation that I foolishly missed at the first developer^3 day, and I'm really glad I got another chance to see it.

Some of the techniques I had come across before, but not in as much detail as Barry showed. I must mention at this point that Barry repeatedly emphasised that these website hacks should not be tried willy nilly on various websites, but the information provided was to be used to help prevent our own sites being hacked.

Barry had a deliberately bad website installed on his laptop that he demonstrated the various hacks on. This was quite useful, as one or two of the examples were quite hard to understand until it was shown.

Some of the hacks were quite subtle, like trying to make a web page crash by meddling with the query string. If the site was still in debug mode, then the exception details are displayed to the user, including source code, and possibly database details from any SQL in the source.

As ever, Barry had a relaxed style of presenting, which was engaging and entertaining. So; good content and good presentation made for one of the best developer sessions I've attended.

[Tags: ]
13 September 2006