Learning white hat hacking to prevent black hat hacking

Server Config
1

Hello

Having been learning about programming, databases, algorithms etc for the last 4-5 years, I feel I am reasonably competent. I am completing my degree in Computer Science this year, and have a limited knowledge about security. I know the basics about SQL injection, second order attacks, using regex to sanitise user input etc. But I want to know more about how to protect my website and computer systems from hackers, (or crackers as we are told to call them in uni).

Is there somewhere on the web where you can safely learn white hat hacking, without breaking any laws or anything, that is designed for you to know how to protect yourself as much as possible from the bad guys? Perhaps with sandbox websites to practice etc?

I feel you can only really protect yourself from hackers if you know how to hack yourself (or hire a specialist). I have no intention on breaking any laws or doing anything malice though.

Thanks,

ro0bear :smiley:

2

There are a surprising number of books on the subject of “Ethical Hacking”. (Only one I’ve read is "Hacking for Dummies".) I don’t know about on-line resorces, but you could try looking [URL=“www.eccouncil.org/certification/certified_ethical_hacker.aspx”]here.

3

Another place to check is sans.org they have lots of good information on how to include security in your programs.

4

Just read and learn my friend, setup known vulnerable applications test various methods to get a better understanding how they work and what you can do with them - there is plenty places if you look hard enough, in this day and age, most exploits are either via some form of injection, XSS, SQL etc learn these methods first, online it’s all about getting the sensitive data, then the shell on the server and then root.

Web hacking is fairly easy when you start to get the hang of it and you start realising how unsafe we all really are :slight_smile: then you can start thinking about malware, there are various malware kits online if you look in the right places to check out and get a feel of how they work, malware such as zeus, crime ware, blackhole, ruby dent etc etc you probably have not heard of these but they all need controller servers, these controller servers control it’s trojans people use to infect a user online, they all connect back to the controller server every now and then and this eventually becomes a botnet.

All key logs and various other data is sent back too - heck some malware start cracking local wifi’s in your reach to try and infect them too, so your next door neighbour could become infected if your infected :slight_smile: