I asked Caleb Sima from SPI Dynamics, a Web application and security assessment software firm, to give me some insights about breaking into Web sites. Caleb has a pretty cool job: he gets paid to do this, in the process demonstrating both the need for tools such as those his employer sells and the various weaknesses of people’s sites. When he came to CMP last fall, he was inside our own Web site and reading stuff that he shouldn’t have had access to within a minute or so. Fortunately, our Web folks have tightened things up, but you may not be so lucky.
I asked Caleb to give me an idea of how he manages to find these vulnerabilities so quickly, and he came up with a few suggestions. If you understand how Web servers work and how they have directory structures and input forms just like the computer on your desktop, you can get pretty far — even without much other specialized knowledge. To give you a flavor of this, I submit his prescription for locating a Web application attack vulnerability called cross-site scripting.
You can read more of this essay here.