The purpose of this article is not to teach you how to hack sites, but to show you some scenarios that may reveal to you how vulnerable your existing site may be, or will hopefully help you prevent any future sites from having these vulnerabilities.
Unfortunately, hacking today is a fact of life. But not all hackers are bad hackers; in fact, the term hacker can describe anyone who is enthusiastically interested in computers or programming. The original hackers, the first ever known, are reported to be a group of model railroad enthusiasts who, sometime in the 1950s, were given some old telephony equipment as a donation. Not wanting to waste this equipment, they 'hacked' or modified it for use in their railroad system and were able to 'dial in' track switching commands using recycled dialers and other parts of the phone equipment. So the original term hacking also meant to modify or exploit a previously unknown use of something. Punch-card computer systems were soon the subject of hacking, and programmers delighted in finding ways of doing the same things with fewer punch cards. It was shortly after this, sometime in the early seventies, that malicious hacking began to come about in the form of phreaking, hacking into telephone networks and having telephone usage charged to other people or not at all.
Today the terms hacking and hackers have many connotations, the best known being of course people who exploit software and/or the Internet for personal gain or fun. These hackers are sometimes referred to as black-hat hackers, or crackers, and those that simply use software to hack, with no real programming knowledge, are called script-kiddies. There is also an increasing number of so-called white-hat or ethical hackers who, among other things, use their skills to test web applications for weaknesses and to help develop security in web applications and software. Often, people who look at open source software and attempt to refine and add to its existing features are referred to as hackers.
The purpose of this article is not to teach you how to hack sites successfully; I won't be teaching you how to steal credit card numbers, bring down Hotmail or reverse-engineer the latest release of Windows. I'm simply going to show you a couple of scenarios that may reveal to you how vulnerable your existing site may be, or will hopefully help you prevent any future sites from having these vulnerabilities. Don't be fooled, however; the iron-clad security needed by some sites such as online banks requires the highest degree of professional assistance. Countless books have been written on the subject of hacking, so there is no possible way for me to discuss all known types of attack. There are some techniques you can try out to attempt to assess the vulnerability of your own site and applications, techniques that, once learned, you should employ as part of the creative process in every site you construct.