If you are a web developer, then you must read this. This time I will not talk about any critical vulnerabilities or exploits in a system, CMS, etc. Let’s talk about a bad habit of web developers and web masters themselves. A bad habit that will lead them to be mass owned.
The problem lies within a password, a default password. Yes, the default password problem does exist in custom CMSs! If you are still confused about what I am talking about, I’ll give a REAL LIFE case, but of course I will not mention the vulnerable sites. I’ll use example site names instead.
Here is how the story goes:
Let’s say Company X is a group of professional web developers. They have been developing web systems for years and are well experienced. Let’s assume that they have developed 30 sites so far.
Mr. Z, the attacker, is eager to own site V, one of Company X’s customers.
So Mr. Z went to site V to take a deep look, but found no significant bugs. So he took another approach to try his luck. He went to Company X’s site and listed all their customers’ sites. He found out that one of their customers’ sites, site Y, had a critical SQL injection vulnerability. He exploited the site until he got all the users’ login IDs and passwords.
Then he went to site V again, and used the login IDs and passwords from site Y to try to log in to site V. A miracle happened: he successfully logged in to site V’s administration control panel. He owned site V through site Y.
This is a true story, and it happened in real life. Some web developer companies have some kind of default password for all the sites they develop. I am not sure what the real purpose is, but my conclusion is that they are too LAZY to remember all the passwords. Because of this bad habit, mass hacking sometimes occurs.
I am not writing this article without proof; I have owned dozens of sites with a single user name and password, just like in the story above. But I never damaged or defaced them; that is not an ethical act to me.
And my advice to you is: if you are a web developer, don’t pick up this bad habit, or be ready to be owned!
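As an added illustration (not part of the original post), the Python below audits a set of constructed admin-account records, one per deployed site, for a known company-wide default password and shows how to provision a unique one instead. The site names, the placeholder default password and the salted PBKDF2 storage format are all assumptions; the point is that per-row salts hide reuse from a plain hash comparison, so the audit must verify the suspected shared password against every row.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor for the sample store

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, as a typical CMS user table might store it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(site: str, user: str, password: str) -> dict:
    """Build one admin-account row with a fresh random salt."""
    salt = os.urandom(16)
    return {"site": site, "user": user, "salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data (assumption): three of Company X's deployments. Sites V
# and Y share the company-wide default from the story; site W got a unique one.
SHARED_DEFAULT = "CompanyX-default!"  # placeholder, not a real credential
SAMPLE_RECORDS = [
    make_record("site-V.example", "admin", SHARED_DEFAULT),
    make_record("site-Y.example", "admin", SHARED_DEFAULT),
    make_record("site-W.example", "admin", secrets.token_urlsafe(24)),
]

def sites_using_password(records: list, candidate: str) -> list:
    """Return the sites whose admin hash verifies against `candidate`.

    Every row has its own salt, so identical passwords produce different
    hashes; reuse cannot be found by comparing the hash column, only by
    re-deriving the candidate under each row's salt.
    """
    hits = []
    for rec in records:
        if hmac.compare_digest(hash_password(candidate, rec["salt"]), rec["hash"]):
            hits.append(rec["site"])
    return hits

def provision_admin_password(records: list) -> str:
    """Generate a per-site admin password that no existing row verifies against."""
    while True:
        candidate = secrets.token_urlsafe(24)
        if not sites_using_password(records, candidate):
            return candidate

if __name__ == "__main__":
    print("shared default still set on:", sites_using_password(SAMPLE_RECORDS, SHARED_DEFAULT))
    print("fresh unique admin password:", provision_admin_password(SAMPLE_RECORDS))
```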
hmhm… if a web developer still uses a default password for the website company.. that web developer itself can’t be counted as a pro web developer
Some of them even use the same password for their email accounts. I’ve been using this method to own some people
@ch40s
They are pros when they develop sites. But when dealing with password awareness, some of them have this bad habit
@arie
Yeah, hehe
Nice post…