Profiling

To hack an application, you must know all there is to know about that application.

The first thing most hackers do is use a combination of automated tools, such as retina or nikto. They also enumerate your site manually, to understand as much as possible about your application.

Hackers look for:

• Places data can be submitted to the server, including search fields, data entry, registration pages, and forum posts.
• Format of the URL. Your standard URL format sometimes gives away hints about the underpinnings of what data is being sent back to the server. As a result, it can give the hacker an easy way to manipulate the data stream.
  For example, if you had a URL, http://my.website.com/TestPage.asp?User=jsmith, I could try to change jsmith to something else.
• Hidden fields in the pages, such as viewstate, input fields containing important information about security or pricing, etc. These fields, although they say they are hidden, really are accessed easily by the hacker. A program called Achilles allows a hacker to manipulate all data sent from the server to the client and all data sent back. Achilles allows all hidden fields to be seen, and their values to be changed.
• Client-side validation. Sometimes, client-side validation gives the hacker insights into the method you're using to ensure your fields are safe from hackers: what checks you are doing, and in what order.

Armed with this information, the hacker can plan an attack suited for your site and application.