In this post I will explain how hackers use web applications to initiate their attacks. This is important for many of us, since most of us create web applications in some form, and some of us are thinking about moving into the marketing area to create a bigger cash flow.
Attackers note down the input boxes a site uses to collect information. They check whether these boxes use the GET or POST method. Either method gives the hacker an idea of how the website works, and they start testing the weak spots of the system.
The web address is configured to show the main directory of the website, and attackers append different directory names to see what they can access. For example, an attacker targeting a website called http://www.victimwebsite.com would try to access a directory called http://www.victimwebsite.com/admin to see whether he can access the control panel of the website.
Another way to learn about hidden folders is to use robots.txt. This file is meant to tell search engines which folders are worth listing and which folders should not be listed. It can therefore contain information a hacker is not supposed to know. Thus a specific naming convention should be used for folders in order to make them stealthier. An administrator should also avoid including important folder names in that list.
Moreover, code embedded in CSS files gives the hacker clues about the ability of the coders. These files can also create weaknesses for the hacker to exploit.