You are probably familiar with the attacks of February 2000 on eBay, Yahoo,Amazon, as well as other major e-commerce and non–e-commerce Web sites.Those attacks were all Distributed Denial of Service (DDoS) attacks, and all occurred at the server level.Those same attacks moved hacking to center stage in the IT community and in the press.

With that spotlight comes an increased awareness by information security specialists, project managers, and other IT professionals. More and more companies are looking to tighten up security. As a result, hackers have become more creative and more talented, raising the bar on security from not only a network administration standpoint, but also from an applications development standpoint.

To go about creating a defense, you must try to approach an understanding of where these attacks could originate, from whom, and why they would target you.You will learn in this book that your systems and applications can be targeted or chosen randomly, so your defense strategy must be as comprehensive as possible and under constant evaluation. If you can test and evaluate your programs by emulating attacks, you will be more capable of finding vulnerabilities before an uninvited guest does so. Hackers range from inexperienced vandals—just showing off by defacing your site—to master hackers who will compromise your databases for possible financial gain. All of them may attain some kind of public infamy. Just say the name Kevin Mitnick to anyone in the Internet world, and they instantly recognize his name. Mitnick served years in prison for hacking crimes and became the media’s poster child for hackers everywhere, while being viewed in the hacker community as the sacrificial lamb.

Mitnick may have helped to bring hacking to the limelight recently, but he certainly was far from the first to partake in hacking. Due largely in part to the recent increase in the notoriety and popularity of hacking, a misconception persists among the general population that hacking is a relatively new phenomenon. Nothing could be further from the truth.
The origins of hacking superseded the invention of the Internet, or even the computer for that matter.As we discuss later in this chapter, various types of code breaking and phone technology hacking were important precursors.

Throughout this article, you will be given development tools to assist you in hack proofing your Web applications.This article series will give you a basic outline for approaches to secure site management, writing more secure code, implementing security plans, and helping you learn to think “like a hacker” to better protect your assets, which may include site
availability, data privacy, data integrity, and site content.