
@Pope3001725

I wouldn't say it is necessary to know how to hack a website, but I would say it is necessary to know how to defend one. This may sound like the same thing but they really are different. There are multiple ways to attack a website (SQL injections, cross-site scripting attacks, email header injections) and how you would do this can vary depending on what the attacker is hoping to accomplish (steal information, hijack a session, phishing). Defending against these doesn't require knowing how this is done as they can get quite complicated. All you need to know is how to code defensively to stop these attacks from being useful.

For example, you should always escape special characters when doing a SQL query to prevent SQL injections. You don't have to know how a SQL injection is done. You just have to know that escaping your query properly will prevent these attacks from being successful.

Cross-site scripting attacks can be very complicated to perform. But as long as you know how to defend against them (use HTTPS for logins, change session IDs when a user logs in, filter user input to avoid HTML code injection, HTTP-only cookies, etc.) you can prevent them from being successful.

Knowing how these attacks are performed does make it easier for you to understand how to defend against them. But it is not required to know how these attacks work in detail. A very basic understanding of the concept, along with a strong knowledge of how to defend against them, is enough to ensure you keep your websites safe.

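The defensive habits listed in the answer above, shown as an added example that is not part of the original post: a query built by string concatenation beside one with bound parameters (which leave the escaping to the database driver instead of doing it by hand), output encoding for user-supplied text, and a fresh session ID issued at login in an HttpOnly, Secure cookie. The table, rows and function names are constructed for illustration.

```python
import html
import secrets
import sqlite3
from http.cookies import SimpleCookie

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, bio TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("O'Brien", "<b>admin</b> of the site"), ("alice", "editor")])
    return db

def find_user_concat(db, name):
    """Fragile: user input becomes part of the SQL text itself."""
    sql = "SELECT name, bio FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_bound(db, name):
    """Defensive: the driver passes the value separately from the SQL text."""
    sql = "SELECT name, bio FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def render_bio(bio):
    """Encode user-supplied text on output so it is shown, not parsed as HTML."""
    return "<p>" + html.escape(bio) + "</p>"

def login_cookie(old_session_id):
    """Discard the pre-login session ID and issue a new one at login."""
    new_id = secrets.token_urlsafe(32)
    cookie = SimpleCookie()
    cookie["session"] = new_id
    cookie["session"]["httponly"] = True   # not readable from page scripts
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["path"] = "/"
    return new_id, cookie["session"].OutputString()

if __name__ == "__main__":
    db = make_db()
    try:
        find_user_concat(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        # A single quote in the data changed the structure of the statement.
        print("concatenated query broke:", exc)
    rows = find_user_bound(db, "O'Brien")
    print(rows)
    print(render_bio(rows[0][1]))
    print(login_cookie("pre-login-id")[1])
```

The concatenated query fails on an ordinary name containing a quote, which is the same property an injection relies on: data is being read as SQL. The bound version treats the value as data regardless of what characters it contains.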