Saturday, August 31, 2013

Transmitting Data Via Hidden Form Fields

It is fairly obvious that a web application passes data to the user in different forms. It is not only a one-way transaction; sometimes the user also needs to pass data to the server, in the form of login credentials, registration, file upload, etc.

One way of transmitting data that is not directly modifiable at the client side is hidden HTML form fields. When a web page is created, some fields are given the hidden type so that they do not appear at the client side, but everyone interacts with them indirectly. To illustrate this, let's take an example.

Suppose there is an online shopping website. If a customer is going to buy a product, the only value modifiable at the client side is the quantity. How many units the customer is going to buy has to be filled in by the client. If the customer selects quantity 2, a function at the client side multiplies the price by the quantity and displays the result on the screen. That is how the whole payment transaction is carried out. In this case the price field's value is written as a hidden type in the HTML page rather than a normal one, because the website owner does not want the customer to change the price; it has to be static. So it remains hidden and not modifiable.
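A hidden field is still sent back by the browser as part of the form submission, so the server should treat its value as untrusted input. The following is an added example, not code from the original post: a server-side handler for the shop scenario above that takes the price from its own catalogue and uses the submitted hidden `price` only to flag a mismatch. The field names, product ids, prices and quantity limit are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed form, as the page in the example above might render it:
#   <input type="hidden" name="product" value="sku-1001">
#   <input type="hidden" name="price"   value="19.99">
#   <input type="number" name="quantity" value="1">

# Constructed server-side catalogue: the authoritative price lives here,
# not in the form the browser sends back.
CATALOGUE = {"sku-1001": Decimal("19.99"), "sku-2002": Decimal("5.50")}
MAX_QUANTITY = 100  # assumed business limit for this example


def price_order(form_body: str) -> dict:
    """Price an order from a urlencoded form body.

    The hidden 'price' field is read only to detect a mismatch; the total
    is always computed from CATALOGUE.
    """
    fields = parse_qs(form_body, keep_blank_values=True)
    # A repeated field (price=..&price=..) is ambiguous, so reject it.
    if any(len(values) != 1 for values in fields.values()):
        raise ValueError("repeated form field")

    product = fields.get("product", [""])[0]
    if product not in CATALOGUE:
        raise ValueError("unknown product")

    qty_text = fields.get("quantity", [""])[0]
    if not (qty_text.isascii() and qty_text.isdigit()):
        raise ValueError("quantity must be a whole number")
    quantity = int(qty_text)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise ValueError("quantity out of range")

    unit_price = CATALOGUE[product]
    submitted = fields.get("price", [None])[0]
    try:
        mismatch = submitted is not None and Decimal(submitted) != unit_price
    except InvalidOperation:
        mismatch = True  # not a number at all: also worth logging

    return {"product": product, "quantity": quantity,
            "unit_price": unit_price, "total": unit_price * quantity,
            "price_mismatch": mismatch}
```

A `price_mismatch` of `True` is a useful signal to log or alert on, since a normal browser session never changes the hidden value.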

Thursday, August 29, 2013

CyberCrime - From A Different View Point

Many of you are already familiar with cyber crime. I am just going to share which areas of cyber crime one should keep in mind apart from only hacking and bank fraud. These areas are also called "Traditional Crime Techniques".

In this article I am going to compare traditional crime techniques with cyber crime techniques and methodologies. We will come to know how common they are in the real world and how hackers got the idea of committing digital crime by analyzing real-world traditional crime.

Wednesday, August 28, 2013

Information Gathering - Why? How? & What?

Think of any heist thriller movie. What do the robbers do before they hack the bank or anything else? They gather information. They collect every piece of information about the bank's system, alarm methodology, CCTV interface, the guards' changing times, and the list of weapons the guards carry. After gathering information they make a plan and attack or rob the bank. You are all clever, so assume they do not have this much information and go to rob the bank directly. What will happen? You will find them caught by the police.

The same scenario also applies in the information security world. Before attacking or testing something, a hacker/tester needs to find information about his/her target. This target can be a network, a web application, an organization or a person. In our world, finding information is also called footprinting or doxing. The term reconnaissance is also sometimes used.