Yes I am a Noob....
Just thought I would get all of the 'what a noob' comments out of the way. I have not hacked anything, except for the 2 basic challenges I had to finish before I could post. Thanks for making those pretty easy by the way.
OK, why I am here. Over the past several years I have been teaching myself web coding. I am a graphic designer, and I really enjoy coding. I can use HTML, CSS, and php. My latest site is valid in HTML 4.01, CSS level 2, and WAI-AAA WCAG 1.0.
I am increasingly concerned about the security of my sites, especially my private family site. I have learned that my site is vulnerable to XSS, through a little test I found by googling it, though I am not sure how to fix this or what this issue really means. I have a php/mysql login script, and I don't think I have ever been hacked.
I would also like to take a look into some other sites that are protected in the same way. Is it illegal to get past someone's login script and just look at the content that is behind it?
I am really excited about learning about web site security. I also think your challenges are fun, so I am going to keep trying to do those. I hope they don't get too hard too fast!
Thanks for all of your help in advance!!
Oh, I forgot I wanted to tell you all a little about myself. I am, hmm, I wonder what is relevant here….
Female, Thin/Average Height, Late 20's, from Kentucky, USA, married. Anything else, just ask.
I meant XHTML, sorry.
I am not sure what level we are talking about, I really don't know where to start when it comes to this stuff. I taught myself to code by doing one thing I wanted the site to do at a time.
I ran a little 'test' at http://searchsoftwarequality.techtarget.com/tip/0,289483,sid92_gci1159276,00.html. It didn't show up as step 4, but as step 5, aka, didn't show up on the page, but was in the source code.
If you would like to see my site PM me, I would rather it not be public, and this profile not be related back to my business. I doubt ppl around here would hire a web designer that was active on a hacking web site.
Forgot, the web site I am concerned about is not XHTML, CSS, or any other compliant. It was my first baby, and I haven't updated it yet. I am planning a restructuring as soon as I feel up to it. It's been the same site with just personal updates for years. When I start to change it I always get a little sad:(
BitchCoder wrote: I meant XHTML, sorry.
I am not sure what level we are talking about, I really don't know where to start when it comes to this stuff. I taught myself to code by doing one thing I wanted the site to do at a time.
I ran a little 'test' at http://searchsoftwarequality.techtarget.com/tip/0,289483,sid92_gci1159276,00.html. It didn't show up as step 4, but as step 5, aka, didn't show up on the page, but was in the source code.
If you would like to see my site PM me, I would rather it not be public, and this profile not be related back to my business. I doubt ppl around here would hire a web designer that was active on a hacking web site.
Where did you submit that query? Was it the login box that was in that document? Yeah, you can hit me up on PM or AIM if you want it to be faster.
Hi BitchCoder, I fucking hate noobs. It's one thing to declare yourself new to something, or a beginner, or bewildered by a subject, but people proudly declaring themselves noob is idiotic since it's about as stupid as a retarded kid who's been hit over the head with a frying pan. Anyhow, that's just a personal annoyance of mine, after all it was just a dumbass phrase used as an introduction and you know how first impressions never last.
Welcome to HBH :D
I read a lot of the other forums here before posting. I just wanted to make it clear that I understood part of joining a forum like this is I was going to ask stupid questions (to the reader anyway) and say things you thought would be stupid. Then someone would make fun of me being a noob, so I just got it out of the way.
Peace.
My point is; you don't do any good by saying anything like that, we're all new at some point, what you do is call unnecessary attention to it. If a question is considered stupid, calling a lot of attention to it beforehand won't change anything about the question itself. Just have some pride and if you want to tell everyone that you're new, just say that you are indeed new to the subject, that's all. There's no need to publicly insult yourself.
BitchCoder wrote: What about other security threats, how do I look for them?
Learn about them. For beginner site admins who don't have the means to get a professional audit job done, Acunetix and other vulnerability scanners are going to be your friends. Hundreds to thousands of different attacks with fast results. You can look at their output to see possibly how they would attack through it and also, possibly, patch options.
You can learn about how the exploits work after you patch them, seeing as that seems to be your first worry.