This idea popped in my head this morning and holy crap...the domain name was available..so i snatched it up. I'd like some input on my concept.

The concept would be a place for two different kinds of people to go..

first, hackers that know vulnerabilities and know their way around different types of web software and things like that.

second, people who have put in a lot of time on their own web site, or a clients web site, and want to ensure security.

Now the idea is to get hacked by someone who will tell you about security holes and vulnerabilities before someone really hacks in and steals real information.

some things I'm curious about, and would like some input:
Would it be better if this was a forum in which hackers accept an agreement that states they will not abuse their knowledge and maliciously hack a persons web site and steal valuable information?

Should this be a paid service? meaning people who really want to find vulnerabilities will pay the person who finds the holes?

How could you use this service?

Lots of thoughts I'm pondering right now...and I'd really like to get some feed back from you.

Thanks in advance!
-Nate

Quote:

hackers accept an agreement that states they will not abuse their knowledge and maliciously hack a persons web site and steal valuable information?

Haha. I had to laugh at that.

I think you would be better off trying to make a secure website and see if it can get hacked and keep improving it until it cant. Leaving out important information you just keep a plain html page linked to a forum and run the discussion separately and keep the html up to test for vulnerablities.

Then companies can pay you for securing their website accurately.

In all honesty, you wont get it to 100% safe because I don't think there is a website that can't be hacked, but you can certainly get it to the high 90%'s

Thanks for the response, and yeah I agree with you.

I'm also thinking about stuff like cross site scripting...some people program a web site and have no clue they're open to such holes, until weird things start happening.

I'd also like to see a lot of write ups, such as how to avoid XSS...

I don't know much about security, so I think a guy like myself would benefit from this...

I would watch out; if you if you leave holes in a website on purpose to get it hack, hacked it will be maybe hackers will delete your site.Why not just have discussions etc not tutorials.

I actually like the idea, pretty creative I think

I would suggest learning a little more about security issues yourself though before you really build up the site. When you first launch a site the traffic is usually slow to begin with and you have to be able to grab every visitor that comes along by showing them you know what you're talking about.

What content would you have on the site when you first launch? You would need something to entice not only companies to prove that there site could have vulnerabilities but also you would have to make it worthwhile for a hacker to bother hacking your site.

If you only have 3 or 4 pages about "what you do" a decent hacker probably couldnt even be arsed hacking you lol.

I hope this topic stays active as I'd like to follow its progress, even just to see how long your site is live before it gets hacked lol.

Wasn't hackers.com hacked within something like 30 minutes of going live? Oh dear ....

edit : also if you do progress with the idea I would ensure that you leave no trail to your name or nathanledet.com website. Some funny hacker might decide to point out the vulnerabilities in your own website (if any such vulnerabilities exist )