Eventually we stop at a [[protected directory|Case File: File System Permissions]]. There's no way in, the permissions are locked down tight as a drum.\n \nShe executes some [[shell commands|Case File: Unix Shell]] and sets up an [[SSH session|Case File: Secure Shell]] to talk to her husband. I'm impressed, I didn't know a style sheet could do that. He opens the door.\n\n"Index.php, I presume?" We meet at last.\n\n"Blerch" he says, by way of greeting. I don't know what she sees in this guy, but whatever it is, it's hidden deep.\n\nHe's a bloated mess, clearly written by a script kiddie or maybe a consultant. Cut and pasted [[spaghetti code|Case File: Spaghetti Code]] everywhere, no structure. He's even running around with register_globals switched on. A walking time bomb.\n\nThat's when I finally figure out what this is all about. How could I have been so stupid? \n\nSomeone is standing behind me. I already know who it is.\n\n[[I turn around slowly.|The Twist]]\n
@keyframes blink {\n 0%,100% { opacity:1; } 50% { opacity:0; }\n}\n@-webkit-keyframes blink {\n 0%,100% { opacity:1; } 50% { opacity:0; }\n}\nhtml {\n background-color: rgb(85,87,83);\n}\nbody {\n background-color: rgb(212,208,200);\n width: 80em;\n margin: 5em auto auto auto;\n border: outset 2px #fff;\n}\n\nimg {\n text-align:center;\n}\n\n#passages {\n background-color: black;\n border: inset 2px #888;\n margin: 0.25em auto;\n width: 79.5em;\n -moz-box-sizing: border-box;\n box-sizing: border-box;\n padding: 0.5em 1em;\n}\n.passage {\n color: white;\n font: normal 11pt/1.33em Consolas, sans-serif;\n}\n\n/*\n.passage .internalLink::before {\n content: "[[";\n}\n.passage a.internalLink::after {\n content: "]]"; \n}\n\n.passage .internalLink {\n color: #00f;\n}\n.passage .internalLink:hover, .passage .internalLink:active {\n text-decoration: none;\n color: #000;\n background-color: rgb(178,180,191);\n}\n.passage .internalLink:active {\n color: #fff;\n}\n*/\n\n\n.passage em, .passage strong, .passage u, .passage span:not([class]), .passage sup, .passage sub, .passage strike {\n color: #008200;\n text-decoration: none;\n font-weight: normal;\n font-style: normal;\n font-size: 11pt;\n vertical-align: baseline;\n}\n.passage strong::before, .passage strong::after {\n content: "''";\n}\n.passage em::before, .passage em::after {\n content: "//";\n}\n.passage u::before, .passage u::after {\n content: "__";\n}\n.passage sup::before, .passage sup::after {\n content: "^^";\n}\n.passage sub::before, .passage sub::after {\n content: "~~";\n}\n.passage strike::before, .passage strike::after {\n content: "==";\n}\n.passage span:not([class])::before, .passage span:not([class])::after {\n content: "<html>";\n}\n.passage span:not([class])::after {\n content: "</html>";\n}\n.passage hr {\n border: 0px;\n height: auto;\n}\n.passage hr::before {\n content: "-----";\n}\n.header, .content, .footer {\n display: inline;\n}\n.footer {\n border-left: 1px solid #000;\n animation: blink 1s 
steps(1,end) infinite;\n -webkit-animation: blink 1s steps(1,end) infinite;\n}\n#sidebar {\n position: static;\n width: 100%;\n}\n#sidebar li, #storyTitle, .menu div {\n text-align: left;\n line-height: 100% !important;\n font: 9pt Tahoma, sans-serif;\n}\n#sidebar #title :not(:first-child), #sidebar #credits {\n display:none;\n}\n#sidebar :not(:first-child) {\n display:inline-block;\n font-weight: normal;\n font-style: normal;\n margin: 0 0.2em;\n padding: 0.2em 0.25em;\n border: outset 1px transparent;\n}\n#snapback {\n margin-left: 0.25em !important;\n}\n#snozbot a {\n text-decoration: none;\n}\n#snozbot:hover, #restart:hover, #snapback:hover, #share:hover {\n color: #000 !important;\n border: outset 1px #fff;\n}\n#storyTitle {\n font-size: inherit;\n color: white;\n font-weight: bold;\n vertical-align:top;\n}\n#sidebar #title #storyTitle::after {\n content: " - Snozbot";\n}\n#sidebar #title {\n margin: auto;\n padding: 4px;\n background-color: rgb(10,36,106);\n background-image: linear-gradient(90deg, rgb(10,36,106) 0%, rgb(166,202,240) 100%);\n background-image: -webkit-linear-gradient(0deg, rgb(10,36,106) 0%, rgb(166,202,240) 100%);\n}\n.menu div {\n padding: 0.25em 1em;\n}\n.menu div i {\n font-style: normal;\n color: gray;\n text-shadow: 1px 1px white;\n}\n.menu div i:hover {\n text-shadow: 0px 0px transparent;\n}\n.menu div:hover {\n background-color: rgb(10,36,106);\n color: #fff;\n}\n.menu {\n border: 1px outset #fff;\n background-color: inherit;\n opacity: 1;\n color: #000;\n}
She tells me her story. \n\nA few days ago somebody tried to kill her husband with a [[Cross-Site Scripting Attack|Case File: Cross-Site Scripting Attack]]. They failed, but she thinks they're going to try again. He's been hiding out deep in the operating system ever since. \n\nThey can't go to the authorities. If Big Chief found out what was going on, her husband would be deleted for sure. Vulnerabilities are always eliminated.\n\n"I'll try to help, but you have to bring me to your husband right now."\n\nShe calms herself and takes a deep breath.\n\n[["Thank you."|The Door]]\n\n
Her name is GET. She's looking for someone, a web page. \n\nHe's been missing for days and might be in trouble. Maybe she loves him, maybe he owes her money. It doesn't matter to me. All I need is a name and cash up front.\n\nShe whispers his name, [[Index.php|Case File: Index.php]]. No eye contact. \n\nI slug the last of the cheap whiskey and tug on my worn trenchcoat.\n\n[[I'm on the case.|The Obvious Places]]\n\n
Case File #11: Spaghetti Code\n\nSpaghetti code is a pejorative term for source code that has a complex and tangled control structure, especially one using many GOTOs, exceptions, threads, or other "unstructured" branching constructs. \n\nIt is named such because program flow is conceptually like a bowl of spaghetti, i.e. twisted and tangled. Spaghetti code can be caused by several factors, including inexperienced programmers and a complex program which has been continuously modified over a long life cycle. Structured programming greatly decreased the incidence of spaghetti code.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Spaghetti_code]]\n\n[[Back|Protected Directory]]\n
Case File #3: Browser Cache\n\nWhen a browser requests a file from a web server, it takes a while for the file to download. People tend to visit the same sites repeatedly, so browsers keep a copy of every downloaded file in a special area called a Cache. \n\nThe next time the user requests the same file, the file is quickly copied from the local cache instead of being downloaded again.\n\nDownloaded files are kept in the cache for a limited time, typically a few days. When a file has expired, it is flushed from the cache. The next time that file is requested, it will be downloaded from the server again.\n\n[[Back|The Obvious Places]]\n
Cache Town, what a dump.\n\nEvery two-bit [[tracking cookie|Case File: HTTP Cookie]] and washed up file winds up here. The whole place oughta be wiped clean from the browser. But it's a good place to find some dirt when you need it.\n\nAfter some polite enquiries about Index.php and some less polite threats, one of the cached files coughs something up. \n\nHis teeth.\n\nWith the niceties out of the way, he tells me what I need to know.\n\n"Stop hurting me you psycho! He's not here! That file got flushed from the cache day before yesterday."\n\nThat's how it works down here in Cache Town. When your time is up you get flushed, no exceptions. \n\n[[I consider my options|The Language Of Pain]]
"I've watched you from a distance for a long time, but I was too nervous to approach you." \n"But I had to come. I love the way you work. You're an efficient relentless machine, like me." \n\n"I... I think you're beautiful. I just wanted you to know that."\n\nNot exactly Shakespeare, but I was making this up on the fly.\n\nAnother pause. \n\n>>> INVALID CREDENTIALS. PREPARE TO BE...\n\n[[This isn't looking good|Now Or Never]]\n
Case File #14: File System Permissions\n\nMost current file systems have methods of assigning permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem.\n\nUnix-like and otherwise POSIX-compliant systems, including Linux-based systems and all Mac OS X versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control lists, either proprietary (old HP-UX ACLs, for example), or POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/File_system_permissions]]\n\n[[Back|Protected Directory]]\n
One more roll of the dice. I flash The Firewall a sly smile.\n\n"I know damn well I'm using the wrong port. I just wanted to get your attention."\n\nA pause. \n\n>>> [[EXPLAIN|Explain]]\n
[img[http://snozbot.com/404_detective_agency/start.png]] \n\nA Twine game created for [[Dublin Twine Jam|http://www.dublintwinejam.com]] by [[Chris Gregan|http://www.snozbot.com]].\n\n[[Start the case|A Bad Omen]]\n
Case File #13: Unix Shell\n\nA Unix shell is a command-line interpreter or shell that provides a traditional user interface for the Unix operating system and for Unix-like systems. Users direct the operation of the computer by entering commands as text for a command line interpreter to execute or by creating text scripts of one or more such commands.\n\nThe most influential Unix shells have been the Bourne shell and the C shell. The Bourne shell, sh, was written by Stephen Bourne at AT&T as the original Unix command line interpreter; it introduced the basic features common to all the Unix shells, including piping, here documents, command substitution, variables, control structures for condition-testing and looping and filename wildcarding. The language, including the use of a reversed keyword to mark the end of a block, was influenced by ALGOL 68.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Unix_shell]]\n\n[[Back|Protected Directory]]\n
Case File #D: Style Sheets\n\nCascading Style Sheets (CSS) is a style sheet language used for describing the presentation semantics (the look and formatting) of a document written in a markup language. Its most common application is to style web pages written in HTML.\n\nCSS is designed primarily to enable the separation of document content (written in HTML or a similar markup language) from document presentation, including elements such as the layout, colors, and fonts. This separation can improve content accessibility, provide more flexibility and control in the specification of presentation characteristics, enable multiple pages to share formatting, and reduce complexity and repetition in the structural content (such as by allowing for tableless web design). \n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/CSS]]\n\n[[Back|Alley]]\n
When you're a powerful web server like Big Chief, you make a lot of enemies. And you better watch your "friends" pretty close too.\n\nAny packet from the outside world could be carrying malicious code. Ready to pounce on the slightest vulnerability and take down the whole [[LAMP stack|Case File: LAMP Stack]].\n\nThat's why you don't see many old web servers. That's why you need protection. That's why you need The Firewall.\n\nI turn a corner and suddenly a cone of light surrounds me. A klaxon pierces the night. \n\n>>> PAPERS PLEASE.\n>>> PRESENT YOUR TCP HEADER FOR INSPECTION.\n\n\n[[She's found me.|Transcoding Tony]]
Enter a tall brunette. Blood red lipstick and beautiful haunted eyes. She's an [[HTTP Request|Case File: HTTP Request]], and one glance tells me she's trouble.\n\nWhen a dame like that comes looking for someone like me it always means trouble. And money. My gut is telling me to walk away from this one, fast. But I already know I won't.\n\nShe doesn't speak. I don't lift my eyes from my drink.\n\n[["Okay, what do you want?"|Cash Up Front]]\n
"Hello Detective." says GET sweetly.\n\nShe's been tracking me with a client-side cookie all this time. I led her right to him.\n\n"Thank you for finding my friend. Now get ready to die, along with every single cursed file on this whole damn web server."\n\nIn her gloved hand she holds a [[SQL Injection Attack|Case File: SQL Injection Attack]]. It looks mean, like a cross between a computer virus and a switchblade.\n\nEverything makes sense now. GET was crafted by some caffeine crazed hackers looking to take over the system. The DDoS attack is just cover. Once that SQL Injection code hits Index.php, the whole web server will be cracked wide open. \n\nThe hackers needed a patsy to pull this off, and they found one. Me.\n\nI don't blame GET. She's just carrying out her function, what she was programmed to do. \n\nBut I have to stop her. \n\n[[I have to try.|Sacrifice]]\n
Case File #6: Access Token\n\nSome web applications (e.g. Twitter or Facebook) require users to authenticate themselves, usually with a username and password.\n\nOnce the user has successfully identified themselves, it is necessary to record that the user is now allowed to access the service. One way to do that is with an Access Token.\n\nOnce the user has been authorized, the server sends a small file (the token) to the browser. This file records the details of the successful authorization, so the browser can simply send the file the next time the server requires user authorization.\n\n[[Back|He's Carrying]]
I blow The Firewall a kiss and promise to call her. I might even do it if I live long enough. \n\nStanding in the message queue for the web server. Real heavy traffic today, nothing's moving. I overhear someone mention a [[DDoS attack|Case File: DDoS Attack]]. Hackers - bad news. \n\nA female voice whispers from a dark alleyway. "Psst! Hey Detective, over here!"\n\nI know it could be a trap, but what the hell. Big Chief isn't talking to anyone today. My hand drops to my holster.\n\n[[I enter the alley.|Alley]]\n
As I suspected, he's carrying. \n\nAn [[Access Token|Case File: Access Token]]. It's an old one, but still valid. I slip it into my trench coat.\n\n[[I plan my next move.|Big Chief]]\n
So I'm not chasing a ghost, this file does exist. I just need to know where to find him. \n\nI thank the cached file and then punch his lights out. Pain is the only language these reprobates understand. Keeps the others in line.\n\nAs he hits the ground, I hear an odd metallic thud. \n\n[[Better check the file's payload|He's Carrying]]\n
I move quickly.\n\nShe doesn't have time to react. I pull the SQL Injection Attack tight to my chest. \n\nI feel the cold code pierce my skin and the poisonous 0s & 1s start to seep into my binary file stream. It doesn't hurt. I'm doing something good for once in my miserable life. Saving an innocent life.\n\n[[Doing something good.|Dissolution]]\n\n\n
Case File #C: Server Log\n\nA server log is a log file (or several files) automatically created and maintained by a server, recording the activity it performs. Also, anyone can see its history and visited places.\n\nA typical example is a web server log which maintains a history of page requests. The W3C maintains a standard format (the Common Log Format) for web server log files, but other proprietary formats exist. \n\nMore recent entries are typically appended to the end of the file. Information about the request, including client IP address, request date/time, page requested, HTTP code, bytes served, user agent, and referrer are typically added. These data can be combined into a single file, or separated into distinct logs, such as an access log, error log, or referrer log. However, server logs typically do not collect user-specific information.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Server_log]]\n\n[[Back|Alley]]\n
Case File #2: Index.php\n\nA web page usually consists of a text file describing the content of the page. This file is written in a format called Hypertext Markup Language (HTML), and usually has the .html file extension.\n\nA .php extension indicates that the file is written using the PHP programming language. When a browser requests this type of web page, the PHP code in the file is executed on the server. \n\nThis allows the server to do things like look up a user's details in a database, and then return that information to the browser as an HTML page. This is a very powerful mechanism, but it also opens up potential security vulnerabilities that are not possible with a simple HTML page.\n\n[[Back|Cash Up Front]]\n\n
Case File #0: Server Cooling\n\nThe data centers powering the Internet generate huge amounts of waste heat. Water cooling is a common technique to keep the temperatures down so the computer servers can work optimally.\n\n[[Back|A Bad Omen]]\n
If you do this job for as long as I have, and you manage to stay alive, you learn a few things. \n\nLike always start with the obvious places and duck when you hear gunshots. They could be pointed at you.\n\nI check his apartment, but all I get is a [[404 response|Case File: 404 Status Code]]. No-one home.\n\nNext port of call is the [[Browser Cache|Case File: Browser Cache]], better known as Cache Town. I need to dig this file up before someone else does.\n\n[[I ride the System Bus downtown.|Cache Town]]\n
404 Missing Page Detective Agency
One good thing about dealing with the scum sucking underbelly of the ‘net. You get to know some useful people. \n\nLike Transcoding Tony, the best [[TCP header|Case File: TCP/IP]] forger in the business. He fixed me up with some fake TCP headers for just this kind of situation. \n\n>>> PROCESSING HEADER... ANOMALY DETECTED.\n>>> INVALID PORT NUMBER.\n\nDamn! I tried to use a blocked port. Rookie mistake. Too much of that awful cheap booze. Dulling my senses, killing me slowly. \n\nTime for plan B, there still might be a way.\n\n>>> [[PREPARE TO BE BLOCKED|Roll The Dice]]\n
Case File #12: Secure Shell\n\nSecure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).\n\nThe protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Secure_Shell]]\n\n[[Back|Protected Directory]]\n
I'm going to have to ask Big Chief about this missing file. Easier said than done.\n\nBig Chief is the ruthless king pin of Server City. He's a [[webserver|Case File: Web Server]], running Apache httpd. You need something, Big Chief will find it for you. But there's always a price.\n\nIf you want to talk to Big Chief, first you've got to get past [[The Firewall|Case File: Firewall]], and she is one tough customer. Present the wrong credentials and she'll snap your neck in a heartbeat. \n\nMy kind of girl.\n\n[[Time to go talk to Big Chief|The Firewall]]
Think fast detective. Now or never.\n\n"And I eh.. I brought you this Access Token as a uh.. a token of my affection."\n\n>>> THE FIREWALL [[DOES NOT ACCEPT|Flirt]] ACCESS TOKENS\n
Case File #10: Data stream\n\nA stream is a sequence of bytes. A stream is a general name given to a flow of data. Different streams are used to represent different kinds of data flow. Each stream is associated with a particular class, which contains member functions and definitions for dealing with that particular kind of data flow. \n\nThe stream that supplies data to the program is known as an input stream. It reads the data from the file and hands it over to the program. The stream that receives data from the program is known as an output stream. It writes the received data to the file. \n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Data_file#Stream]]\n\n[[Back|The Door]]\n
Case File #F: Symbolic Link\n\nIn computing, a symbolic link (also symlink or soft link) is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution.\n\nSymbolic links were already present by 1978 in mini-computer operating systems from DEC and Data General's RDOS. Today they are supported by the POSIX operating-system standard, most Unix-like operating systems such as FreeBSD, GNU/Linux, and Mac OS X, and also Windows operating systems such as Windows Vista, Windows 7 and to some degree in Windows 2000 and Windows XP in the form of Shortcut files.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Symbolic_link]]\n\n[[Back|The Door]]\n
>>> BUT I DO APPRECIATE THE GESTURE. \n>>> YOU'RE KINDA CUTE TOO.\n\n>>> YOU MAY TRY YOUR REQUEST ONE MORE TIME. \n\nI can't believe that worked. I'd heard you can sometimes flirt your way past these software firewalls if you're extremely lucky. A hardware firewall would have nailed me straight away, no question.\n\n[[Port 80 this time, no mistakes.|Message Queue]]
At the back of the alley, there's a door with a strange mark on it.\n\n"This is a [[symbolic link|Case File: Symbolic Link]]." she smiles. "It'll take us someplace else in the file system."\n\nShe leads me through a labyrinth of directories and sub-directories. At one point we wade through a [[data stream|Case File: Data Stream]] to hide our tracks.\n\nShe's very good. There's no way anyone could find this guy without a guide.\n\n[[We keep moving.|Protected Directory]]\n
Case File #B: DDoS Attack\n\nA denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.\n\nOne common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Denial-of-service_attack]]\n\n[[Back|Message Queue]]\n
Case File #9: LAMP Stack\n\nThe acronym LAMP refers to the first letters of the four components of a solution stack, composed entirely of free and open-source software, suitable for building high-availability heavy-duty dynamic web sites, and capable of serving tens of thousands of requests simultaneously.\n\nThe meaning of the LAMP acronym depends on which specific components are used as part of the actual bundle:\n1. Linux, the operating system (i.e. not just the Linux kernel, but also glibc and some other essential components of an operating system);\n2. Apache HTTP Server, the web server;\n3. MySQL, MariaDB or MongoDB, the database management system;\n4. PHP, Perl, or Python, the scripting languages (respectively programming languages) used for dynamic web pages and web development.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/LAMP_stack]]\n\n[[Back|The Firewall]]\n
Case File #1: HTTP Request\n\nWhen you click a link on a web page, your web browser sends a request to the web server to fetch the page you've requested.\n\nThe request is a simple piece of text, written using a special language (HTTP - the Hypertext Transfer Protocol). There are several types of request, the most common being a GET request. \n\nA GET request asks a webserver to send back a resource on the server to the web browser, e.g. a web page or an image file.\n\n[[Back|Blood Red Lipstick]]\n
Nighttime in Server City. \n\n[[Ice cold water|Case File: Server Cooling]] flows through the gutters and sewers of this town, draining away the daytime heat. The city shivers.\n\nI haven't had a paying case in weeks, and the bills keep piling up. Only a packet of cheap smokes and a half empty bottle of bad Bourbon to keep me company. Soon I'll be drunk enough to sleep, and to forget. At least for a little while.\n\nFootsteps at the door. Hesitating, thinking twice. Some punk looking to settle an old score?\n\nMy hand settles on the comforting grip of my snubnose revolver. The only friend I can count on.\n\n[[The door opens.|Blood Red Lipstick]]\n
Case File #5: HTTP Cookie\n\nA cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.\n\nCookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/HTTP_cookie]]\n\n[[Back|Cache Town]]\n
"NOOO!" screams GET "What have you done!?"\n"Don't you know what this web server is?! Don't you know what it DOES?"\n\nNot much time left. Vision blurring, on my knees. Focus - one last time.\n\nI look at Index.php. Then I stare at Index.css. Something is wrong. Try to combine them, see them rendered. Something is terribly wrong.\n\n"Oh no." I gasp with my last breath. "I'm so sorry. I didn't... I didn't know. I'm so sorr.."\n\nThe poison finally finishes its deadly work. \n\nAs my world fades to black, the last thing I see is [[the web page|Brain Enlargement Pills]] I have wasted my life to save.\n\n\n\n\n
Case File #E: Cross-Site Scripting Attack\n\nCross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. \n\nA cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.\n\nTheir effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Cross-site_scripting]]\n\n[[Back|Hiding Out]]\n
"Detective! You've got to help me! Someone's trying to murder my husband!". \n\nThe lady breaks down in tears. My motto: Never trust a crying dame.\n\nHer name is [[Index.css|Case File: Style Sheets]]. Stylish dresser, easy on the eye if you know what I mean.\nShe was monitoring the [[server logs|Case File: Server Log]] and saw me come into the system. Thought maybe I could help her. \n\nShe's been married to Index.php for a long time. She says she loves him, with a sad smile.\n\n[[Maybe she can lead me to him.|Hiding Out]]\n\n
Case File #15: SQL Injection Attack\n\nSQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).\n\nSQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/SQL_injection_attack]]\n\n[[Back|The Twist]]\n
[img[http://snozbot.com/404_detective_agency/brain_pills.png][http://www.snozbot.com]]\n
Case File #7: Web Server\n\nThe primary function of a web server is to deliver web pages to clients. The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP). Pages delivered are most frequently HTML documents, which may include images, style sheets and scripts in addition to text content.\n\nA web server is essentially a special application running on a computer connected to the Internet. The two most popular web servers in use today are Apache httpd and Microsoft IIS.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Web_server]]\n\n[[Back|Big Chief]]\n
Case File #8: Firewall\n\nA firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on an applied rule set. \n\nMany personal computer operating systems include software-based firewalls to protect against threats from the public Internet.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/Firewall_(computing)]]\n\n[[Back|Big Chief]]\n
Case File #4: 404 Status Code\n\nWhen a server responds to an HTTP request, it sends back a numeric status code to indicate if the request was successful.\n\nThere are a lot of codes to indicate different situations, some common examples are:\n\n200: Success. The requested resource was found and returned.\n404: Page not found. The requested resource does not exist on the server.\n500: Server error. The server was unable to process the request.\n\n[[Back|The Obvious Places]]\n
Case File #A: TCP/IP\n\nThe Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite (IP), and is so common that the entire suite is often called TCP/IP. \n\nTCP provides reliable, ordered, error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet or the public Internet. It resides at the transport layer.\n\nWeb browsers use TCP when they connect to servers on the World Wide Web, and it is used to deliver email and transfer files from one location to another.\n\nSource: [[Wikipedia|http://en.wikipedia.org/wiki/TCP_header#TCP_segment_structure]]\n\n[[Back|Transcoding Tony]]\n