This is related to Realistic mission 1 but it's not about how to complete the mission so I think it belongs here rather than in that forum.
Most polls these days can not be hacked like the one in realistic mission 1. What precautions do web developers use or how do these web developers implement their polls so that they can not be hacked like the one in realistic mission 1?
Hacking a poll
Forum rules
Older HTS users: Be nice to the new people.
NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.
Older HTS users: Be nice to the new people.
NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.
3 posts • Page 1 of 1
Hacking a poll
by gsingh2011 on Sun Mar 27, 2011 2:19 pm
([msg=55614]see Hacking a poll[/msg])
- gsingh2011
- New User
- Posts: 10
- Joined: Sun Mar 27, 2011 2:14 pm
- Blog: View Blog (0)
Re: Hacking a poll
by Goatboy on Sun Mar 27, 2011 2:45 pm
([msg=55615]see Re: Hacking a poll[/msg])
The most important thing anyone could do to secure a web application is called input validation. The number one rule with security is to never trust user input. You don't know if someone is a regular user or an attacker, so it's safer to assume everyone is an attacker. This way, you don't make assumptions about data being safe to handle.
In the case of Real 1, input validation should check that any submitted number is a whole number between 1 and 5. This will rule out negative numbers, large numbers, and letters. Additionally, they could implement an IP-based throttling mechanism so you can't vote over and over from the same IP. They could implement a CAPTCHA to prevent botnets from submitting large amounts of votes. These are just three suggestions, and I know there are more. I'm not a developer by any means, but these should be pretty common knowledge to anyone in the security field.
In the case of Real 1, input validation should check that any submitted number is a whole number between 1 and 5. This will rule out negative numbers, large numbers, and letters. Additionally, they could implement an IP-based throttling mechanism so you can't vote over and over from the same IP. They could implement a CAPTCHA to prevent botnets from submitting large amounts of votes. These are just three suggestions, and I know there are more. I'm not a developer by any means, but these should be pretty common knowledge to anyone in the security field.
Mundus Vult Decipi
-
Goatboy - Expert
- Posts: 2443
- Joined: Mon Jul 07, 2008 9:35 pm
- Blog: View Blog (0)
Re: Hacking a poll
by insomaniacal on Sun Mar 27, 2011 7:31 pm
([msg=55619]see Re: Hacking a poll[/msg])
I've seen a website tracking how many times you've voted by using cookies. This is a big no-no. Just thought I'd throw this in.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
insomaniacal.blog.com
-
insomaniacal - Addict
- Posts: 1212
- Joined: Sun May 24, 2009 10:21 am
- Blog: View Blog (0)
3 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests