An Introduction to Hacking and Cyber Security - Complete Guide

This introduction to hacking guide shows you the tools used, what hackers look for, and how to protect yourself from vulnerabilities and exploits.

By Tim Trott | Privacy & Security | July 10, 2013
Internet Security 101

This article is part of a series of articles. Please use the links below to navigate between the articles.

  1. An Introduction to Hacking and Cyber Security - Complete Guide
  2. An Introduction and Brief History of Cryptography and Codebreaking
  3. Online Privacy and Why it Matters in Today's Hyper-Connected World
  4. What Are Supercookies? The Web's Latest Tracking Device
  5. How to Spot Scam and Phishing Emails And Avoid Being Scammed
  6. How Internet Security and SSL Works to Secure the Internet
  7. What is Man in the Middle Hacking and Transport Layer Protection
  8. What is Social Engineering And How Is It Used To Hack Systems
  9. Cookie Security and Session Hijacking in Web Applications
  10. What is Cross Site Scripting? (XSS) How is it Used to Attack Websites
  11. What is Internal Implementation Disclosure?
  12. What is Parameter Tampering and How to Protect Against It
  13. What is SQL injection - With Examples & Prevention

This hacking and security tutorial series aims to provide application developers with the knowledge of how exploits in their code can be used against the application and how a simple validation error can cause a data breach.

A Brief History of Hacking

The term hacking dates back to the early 1950s, when it was a positive label given to a group of students at MIT who came up with some ingenious campus pranks. The pranks started way back in 1926, when a group of students "parked" a car on the wall of the dormitory building. The term hacker was coined in the early 1950s when MIT computer gurus started to push computer systems beyond their defined limits. They would often find and exploit security holes in computer systems purely out of curiosity: curiosity about what the system did, how it could be used, how it did what it did, and why it did what it did.

In 1926, a group of MIT students decided it would be a good idea to hoist an actual car up the side of a building - the Class of 1893 Dormitory

Over time, these exploits were used for more sinister purposes, and hacking became a bad thing. Personal and confidential information and money were stolen from computer systems, and hackers were labelled the enemy.

There are two main categories of hackers, white hat and black hat.

  • White hat hackers, so-called ethical hackers, attempt to breach security but don't perform any malicious acts. Instead, they report their findings so that the vulnerability may be fixed, and a reward is given.
  • Black hat hackers hack systems maliciously, either to deface a website, steal data or cause damage, physically, financially or through loss of reputation.

Introduction to Hacking and Ethical Hacking

The tools and techniques presented here are not language- or platform-specific. It does not matter whether you are writing a PHP application, ASP.Net Forms or MVC, or whether you use IIS, Apache, nginx or any other server technology. The practices are the same regardless.

There are several approaches hackers use to compromise a system. These are called attack vectors and the one chosen depends on the system being targeted and where the hacker feels the weakest link is. Some common attack vectors include -

We'll take a look at each of these in the upcoming Introduction to Hacking and Cyber Security course.

Tools Involved in Basic Ethical Hacking

It may surprise you to learn that all you need to hack a website is Google Chrome, Firefox or IE with developer tools and Fiddler, the free web debugging proxy. There are other tools which offer more automated, or brute force, attempts, but the techniques are just as valid, so I'll show you how Chrome's developer tools combined with Fiddler can be used to identify risks and secure your website.

Google Chrome

Google Chrome is my web browser of choice. Not only is it the fastest and lightest browser on the market, but it also features several really useful developer options out of the box. Additionally, there is a large marketplace for third-party plugins which further extend this functionality. Firefox is also a good browser and offers just as good developer tools and plugins; however, I found that over recent releases it was getting a bit bloated and slow. Although I use Google Chrome and Chrome Developer Tools in this article, the process is the same for using Firefox tools.

Pro Tip: Using Chrome's "Incognito" mode is very handy as it automatically clears down all the cookies, cache and history information when the tab is closed. This means that when you open it up again, you are working with a fresh version of the site. All the history is gone.

Google Chrome Developer Tools

Developer Tools are accessed using the F12 key. This will open up a new window (or a docked panel). There is a lot of stuff that goes on in the developer tools, but for this tutorial, we are going to focus on Elements, Network and Resources.

Chrome Developer Tools

The Elements tab breaks down the DOM (Document Object Model) and allows you to drill down into the HTML markup. You can also access the elements quickly by right-clicking on the web page and selecting "Inspect Element" from the context menu. In the Elements tab, you can directly manipulate the DOM and add or remove elements, attributes or values.

The Network tab allows you to view the network activity for the page. It lists all the requests to the server, the files downloaded, timings for each request and status codes.

Finally, the Resources tab shows things like images, CSS and fonts used, cookies for the page and anything that uses local storage. We can use this when we work with cookies later on.

For this tutorial, there is a Chrome plugin that we are going to use. It's called Cookie Inspector and is available on the Chrome web store. There are other plugins available; however, I like this one because it integrates well with the developer tools. Cookie Inspector will allow us to manipulate cookies set by a website and change the values before they are sent back to the website.
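Because a cookie's value can be changed in the browser before it is sent back, the server cannot trust it as issued. As an added example (not code from the original article), this Python sketch shows one server-side defence: attach an HMAC tag when the cookie is issued and reject the cookie if the value no longer matches the tag. The function names, the key and the role=user value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption). A real application loads a random
# secret from server-side configuration and never sends it to the browser.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the result is cookie-friendly."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag', where tag is HMAC-SHA256 over the payload."""
    payload = _b64(value.encode("utf-8"))
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie was altered."""
    payload, sep, tag = cookie.partition(".")
    if not sep or not payload or not tag:
        return None  # malformed: payload or tag is missing
    expected = _b64(hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest())
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return None
    try:
        padded = payload + "=" * (-len(payload) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def tamper(cookie: str, new_value: str) -> str:
    """Model a value edited in the browser: new payload, original tag."""
    _, _, tag = cookie.partition(".")
    return f"{_b64(new_value.encode('utf-8'))}.{tag}"


if __name__ == "__main__":
    issued = sign_cookie("role=user")  # constructed sample value
    print(verify_cookie(issued))
    print(verify_cookie(tamper(issued, "role=admin")))
```

Signing only detects modification; the value is still readable by the user, so anything secret belongs in server-side session storage rather than in the cookie.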

Fiddler

The other application we are going to be using is Fiddler. This application is a free HTTP debugging proxy, which means it captures HTTP traffic to and from your computer and a server. It allows you to inspect and analyse these captured requests and responses, look at the headers, any form data submitted and the body content. You can also compose your own HTTP requests and analyse the results from the server.

Fiddler Debugging Proxy

In the next part of this series we will take a look at cryptography, the process of securing communications.
