0

Note: This is for my personal use. I'm not going to hack someone else's website.
I have several websites, and I'd like to learn how to hack them so that I can secure them. Where can I find some good resources for learning how to hack my websites?

I already know about Hack This Site.

Could someone please change the tags, as I can't create new tags?

AviD
daviesgeek
  • Please re-read our FAQ: http://security.stackexchange.com/faq Particularly important here is the section on **Black Hat vs White Hat**: *"...if the question looks too much like a request for attack tools or mechanisms to spread a virus, it may be moderated."* – Iszi Sep 22 '11 at 17:01
  • @Iszi I did read the FAQ, and I did note that. Thanks for warning me. Now would moderated mean closed, or would it mean changed? – daviesgeek Sep 22 '11 at 17:03
  • Unless you can form this into a real security question from a defensive posture, (as the FAQ says: *"protecting assets from threats and vulnerabilities"*) I expect it to be closed. – Iszi Sep 22 '11 at 17:14
  • There's not nearly enough information to give a good answer - a question might say "My website uses $TECHNOLOGIES, what is best practice to keep them secure?"; but even that isn't a great fit for SE. – DanBeale Sep 22 '11 at 17:17
  • possible duplicate of [How can you become a competent web application security expert without breaking the law?](http://security.stackexchange.com/questions/4844/how-can-you-become-a-competent-web-application-security-expert-without-breaking-t) – Hendrik Brummermann Sep 22 '11 at 18:45
  • @DanBeale I am not the main programmer, and the framework is custom-built, so that's why I didn't give a specific technology. – daviesgeek Sep 23 '11 at 04:41
  • @daviesgeek First of all, besides the previous comments, there are already quite a few questions on this, search a little through the site and I'm sure you'll find plenty of interest. – AviD Sep 23 '11 at 08:11
  • Secondly, "knowing how to hack" something is not necessarily the best way to get to "knowing how to secure it". Yes, learning about web attacks is important, but you'd be better served by learning about the basic principles, secure design, and secure coding. – AviD Sep 23 '11 at 08:12

1 Answer

5

When it comes to websites, OWASP is a big part of that knowledge. Be familiar with their Top 10 and try them out on your site. There's a lot of other informative information there as well.

Beyond that, any resources related to pentesting are good starting points. Books about Penetration Testing are a good starting point there as well.

There are also a lot of related tools: What tools are available to assess the security of a web application?, and sometimes knowing those will point you down the right path.

If you're trying to learn a broad scope overview of something, I suggest also checking out the tags: https://security.stackexchange.com/questions/tagged/attack-prevention will show you a wealth of good resources to think about when designing your web applications / sites.

Jeff Ferland