Web application security - the fast guide 1.1 | Page 66

Chapter 4 - Be the attacker

4.1 Be the Attacker

To fully understand how an attack takes place, you need to put on the attacker's hat and think like one.

Time and place: Thinking about how, where and when is important, but in practice it is not that relevant, because attackers will try 24/7 from everywhere: anonymous servers and nodes are available all over the world, ready to serve as a starting point for hacking, intentionally or accidentally. An exception is applications that are only available for a preset time or period. As most web applications are open to the public all the time, the initial scenario is the one that will stand.

What to target: everything. All parts of the system should be treated as potential subjects of attack: web platform, application, backend, databases, web client, transport and, last but not least, availability, because security is like a chain, as weak as its weakest part.

Mindset: Persistence and an iterative approach are always fruitful. Attackers are normally driven by huge ego, powerful feelings and a lot of energy.

4.2 Attacker categories

Script kiddies
Cyber-Punks
Old School Hackers
Professional criminals
Coders and Virus writers