Monday, October 22, 2012

Reflection on network security

 Internet security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a service by a server and network-accessible resources. 

Obviously, it is one of the most important topics in the field of computing. We got a chance to learn some of the common techniques used to mount an attack, such as SQL injection, authentication bypass, information disclosure, remote command execution, etc.

If we do something like
<form action="/cgi-bin/login" method=post>
 Username: <input type=text name=username>
 Password: <input type=password name=password>
 <input type=submit value=Login>
</form>

It is very susceptible to SQL injection when the server builds its SQL query directly from these fields. If an attacker submits something like
username=admin%27%29+--+&password=+ 

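Then the server is hacked. URL-decoded, the username is admin') -- (with a trailing space): if the server pastes it into its SQL query, the quote and parenthesis close the username test early, and the -- turns the rest of the query, including the password check, into a comment.
Thus the lesson learned here is that we must validate the input from the user carefully. We can never assume all users will follow the guidelines without taking any funny or malicious action.
I heard there is an interesting module teaching computer security. The final exam is the best part: given two hours, you must hack a server that is purposely set up with certain loopholes.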
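
The login request above, worked through as an added example (not code from the original post): it decodes the posted payload, shows the query a string-building server would run, and compares that with a parameterized query. The table, the query shape with parentheses, the function names and the stored password are assumptions constructed so the posted payload fits.

```python
import sqlite3
from urllib.parse import parse_qs

# Payload quoted in the post; everything else here is constructed for the demo.
PAYLOAD = "username=admin%27%29+--+&password=+"

def make_db():
    # Assumed schema. A real system would store a password hash, not plaintext.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def parse_login(body):
    # Form decoding: %27 -> ', %29 -> ), + -> space.
    fields = parse_qs(body, keep_blank_values=True)
    return fields["username"][0], fields["password"][0]

def build_unsafe_sql(username, password):
    # Vulnerable: input becomes part of the SQL text (assumed query shape).
    return ("SELECT username FROM users "
            "WHERE (username = '%s') AND (password = '%s')" % (username, password))

def login_unsafe(db, body):
    row = db.execute(build_unsafe_sql(*parse_login(body))).fetchone()
    return row[0] if row else None

def login_safe(db, body):
    # Hardened: placeholders keep input as data, never as SQL syntax.
    row = db.execute(
        "SELECT username FROM users WHERE (username = ?) AND (password = ?)",
        parse_login(body)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    print(parse_login(PAYLOAD))
    print(build_unsafe_sql(*parse_login(PAYLOAD)))
    print("unsafe:", login_unsafe(make_db(), PAYLOAD))
    print("safe:  ", login_safe(make_db(), PAYLOAD))
```

With the parameterized version the whole decoded string is compared against the username column as a literal value, so no row matches and the login fails.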

3 comments:

  1. This talk was pretty amazing for me as well. I've always known about SQL injection but never knew the details. I tried it on an app I wrote (to get a feel of what all of you were going through), and it seemed to be immune.. heh heh..

    That's the nice thing about embedded systems; because many real-time embedded systems aren't networked, security is less of a concern.

  2. Can you explain how this works? username=admin%27%29+--+&password=+
    A more detailed step-by-step guide?

  3. I intend to test on my Ruby on Rails website.
