Re: Website Hacking. I Have A Question

[CodeGraphics]

I know servers can be hacked, but that is beyond my jurisdiction. My host will have to take care of that.

Well, I started searching about whether a static website could be hacked and I landed here: https://www.mavitunasecurity.com/

I downloaded their free website scanner. I installed it and entered my url. What the software does is to try to hack your website. It’s like penetration testing. The exercise lasted nearly an hour and I washed as the software was unleashing these attacks:

Cross-site Scripting
SQL Injection (Blind)
Command Injection
Local File Inclusion
Remote File Inclusion
HTTP Header Injection
Remote Code Evaluation
Web App Fingerprint
RoR Code Execution
WebDAV
Open Redirection
Expression Language

on the website. I actually received about 300 junk emails from the software during the exercise. And I found out that the html5 ‘require’ was actually bypassed in some cases because I actually received an empty messages which shouldn’t have gone through ordinarily. After, the exercise, the website remained intact.

I guess the reason is because the form data actually will be sent to a gmail account and not to a database. I think gmail actually prevented the software from hacking the website.

Well, I am becoming more concerned now about web security. I will really like to learn how to tighten up websites and databases from malicious attackers.