My anti-hacking idea:

[Splatzone]

Here's an idea I had, that would help sites with their hacking protection and also let people try hacking without doing any real harm.

Before a webmaster submits his/her site to the net, it can be uploaded to this site.

The members are hackers, and play a crucial role in the system.

Once the contents of the site is uploaded, hackers try and hack and defraud the system in every way possible (except of course server attacks etc)

The hacker's actions are logged into a file which the admin can read and make any changes to prevent it from happening in the wild.

The admin can then thank the hacker for finding the problems. Hacker gets rep

Pros:

• Allows budding hackers to try out skills in a safe and legal environment
• Free hacker protection/advice

Cons:

• Hacker could find exploit and not tell the admin, and use it for personal gain
• People might not feel secure uploading their site for scrutinization
• Wouldn't be safe for sites involving payment etc
• Hidden features the admin included in the software for his own use could be noted upon
• Gullible admins could take bad advice.

I dunno, it would have to rely on a strong system of trust. Like Ebay.

What do you think about such a system?

 

[lambada]

Sounds ok, but really some things are veruy dependant upon server settings. IE Register Globals.

The best way for that would be to publish the source code for pre-releases to try and prevent theoretical exploits. Of course, you may as well go open-source then.

The only way to be totally hack-proof is, for a computer system, is to put simply not be a computer system but be a coffee table or something instead.

 

[Splatzone]

Hmm yeah. Thats true. Maybe it would work for open source solutions like Joomla! Then again, there'd be no point since you could just stick it in your own server and hack till your heart's content.

 

[ryoko126]

For people that aren't super awsome at coding, that's not a good idea, as what they spent xx:xx amount of time to get put up gets messed up and they have no knowledge of how to fix it, even if it's pointed to them.

 

[mr kennedy]

For people that aren't super awsome at coding, that's not a good idea, as what they spent xx:xx amount of time to get put up gets messed up and they have no knowledge of how to fix it, even if it's pointed to them.

well your staement is true because many people now get their presences known in the web by free hosting like x10's.

 

[Splatzone]

For people that aren't super awsome at coding, that's not a good idea, as what they spent xx:xx amount of time to get put up gets messed up and they have no knowledge of how to fix it, even if it's pointed to them.

Hmm, true. This would be aimed more towards developers etc however.

 

[bigmanbfa2]

last time I checked, the government already has dedicated CEHs (certified ethical hackers) doing similar tests on sites and software that is either proprietary or in need of advanced security. Also this stops alot of the day-one hacks from occuring.

 

[ryoko126]

Hmm, true. This would be aimed more towards developers etc however.

That may be, but the way you had it said it'd make the teen hackers think that it automatically gives them permission to do that to anybody's site. What should be done is company's just hire the hackers to "test drive" the site and point it out while being paid to. Besides, I'd be really offended if someone I didn't even know said, "Hey I just hacked into your system. You better get better security." That'd just make me want to report them to the authorities.

 

[eminemix]

The idea sounds nice.
But i think legislation in some countries don't allow that.

 

[Sohail]

Doesn't the cPanel come with loads of anti-hacking tools?

 

[manzoor]

Be a hacker yourself

 

[excid3]

hmmm http://www.hackthissite.org comes to mind here...I've hacked through quite a bit of their levels. Quite a fun site. Pretty much what your idea is, just already been done, with a huge userbase.

 

[taekwondokid42]

I think that it would be good, but the cons seem to overcome the pros.

Also, is it a good thing to encourage future hackers??
How do you know that they will use their hacking skills for good, not corruption?

 

[edmundjones22]

'tis true... IBM has a team of "ethical hackers" who analyze the faults in security of websites and various other systems.

They then inform the customer how secure their system is, on a point grading system. Sounds much the same

 

[Archkronos]

Assuming this is dealing in PHP, a good idea would be to actually rewrite pages to end in, say, .aspx, which could futher confuse any hacker.

Besides, this could be problematic for anyone whom is too gullible. If someone does gain complete control, they could, potentially, remove any log files, and grind the site to a halt.