Hacking a poll


Post by gsingh2011 on Sun Mar 27, 2011 2:19 pm

This is related to Realistic mission 1, but it's not about how to complete the mission, so I think it belongs here rather than in that forum.

Most polls these days cannot be hacked like the one in Realistic mission 1. What precautions do web developers use, or how do these web developers implement their polls so that they cannot be hacked like the one in Realistic mission 1?


Re: Hacking a poll

Post by Goatboy on Sun Mar 27, 2011 2:45 pm

The most important thing anyone could do to secure a web application is called input validation. The number one rule with security is to never trust user input. You don't know if someone is a regular user or an attacker, so it's safer to assume everyone is an attacker. This way, you don't make assumptions about data being safe to handle.

In the case of Real 1, input validation should check that any submitted number is a whole number between 1 and 5. This will rule out negative numbers, large numbers, and letters. Additionally, they could implement an IP-based throttling mechanism so you can't vote over and over from the same IP. They could implement a CAPTCHA to prevent botnets from submitting large amounts of votes. These are just three suggestions, and I know there are more. I'm not a developer by any means, but these should be pretty common knowledge to anyone in the security field.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: Hacking a poll

Post by insomaniacal on Sun Mar 27, 2011 7:31 pm

I've seen a website tracking how many times you've voted by using cookies. This is a big no-no. Just thought I'd throw this in.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
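
The two server-side checks suggested in this thread (a rating that must be a whole number from 1 to 5, and a per-IP throttle kept on the server instead of in a cookie) can be sketched as follows. This is an added example, not code from any poster or from the mission; the `Poll` class, the option names, the one-day window and the sample requests are all assumptions made for illustration.

```python
import re
import time

RATING_RE = re.compile(r"[1-5]")    # exactly one ASCII digit, 1 through 5
WINDOW_SECONDS = 24 * 60 * 60       # assumed policy: one vote per IP per option per day


class Poll:
    """In-memory poll (hypothetical); a real site would keep this in its database."""

    def __init__(self, options):
        self.totals = {name: 0 for name in options}
        self.last_vote = {}         # (client_ip, option) -> time of last accepted vote

    def cast_vote(self, option, raw_rating, client_ip, now=None):
        now = time.time() if now is None else now
        if option not in self.totals:
            return "rejected: unknown option"
        # Validate the raw string before converting it. fullmatch() rejects
        # "-5", "9999", "3.5", "4abc" and "", and also " 3", "+3" and
        # non-ASCII digits, which int() alone would accept.
        if not isinstance(raw_rating, str) or not RATING_RE.fullmatch(raw_rating):
            return "rejected: rating must be a whole number from 1 to 5"
        # Throttle on state the server holds, keyed by the address the server
        # saw, not on a cookie that the client can delete or edit.
        key = (client_ip, option)
        previous = self.last_vote.get(key)
        if previous is not None and now - previous < WINDOW_SECONDS:
            return "rejected: already voted from this address"
        self.last_vote[key] = now
        self.totals[option] += int(raw_rating)
        return "accepted"


def demo():
    """Constructed requests: a normal vote, tampered ratings, then a repeat vote."""
    poll = Poll(["band_a", "band_b"])
    raw_ratings = ["4", "9999", "-5", "3.5", "4abc", " 3", "5"]
    results = [poll.cast_vote("band_a", raw, "203.0.113.7", now=1000.0 + i)
               for i, raw in enumerate(raw_ratings)]
    return results, poll.totals
```

Only the first request changes the total; the five tampered ratings fail validation and the final, well-formed repeat is stopped by the throttle.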


