Looking at Your Site Through the Eyes of a Hacker

In the book, The Art of War (New York: Oxford University Press, 1971), Sun Tzu writes about planning a military strike:

“The General who wins a battle makes many calculations in his temple before the battle is fought. The General who loses a battle makes few calculations beforehand. Thus do many calculations lead to victory, and a few calculations allow defeat. It is by attention to this one point that I can foresee who is likely to win or lose.”

In essence, what he is saying is that the more a military planner knows about the potential situation, and has planned for it ahead of battle, the greater chance he'll have in winning.

Hacking a website or gaining illegal access to a computer system requires the same planning effort. The stronger the target, the more planning it takes; the weaker it is, the less effort it takes.

If you have a horribly unsecured website, then kiddie-scripters will gain and retain access of your site until you get rid of them. However, a well-secured site is a great deterrent to the average hacker.

If they want in, good hackers will take great pains to learn about you and what weaknesses exist. Following The Art of War, the more a hacker knows before he or she attempts to break in, the better his or her chances are of success. Inversely, the more you know about your own security and site, the better chances you'll have of defending against the bad guys.

Very good hackers are the kind you never know were ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.