I just wrote one of my first web applications (Linux, Apache, MySQL, Django) and would like to publish it publicly. This is a web task disguised as a game; I intend to ultimately put it on Amazon Mechanical Turk and give small bonuses to people who achieve certain results.
Despite the fact that this application does not have an extremely high security risk, I need to protect it from manipulation and reverse engineering. However, I have little formal testing / security training. Given that there are real winnings, I know that people will have an incentive to cheat, whether changing the POST data, pressing the back button and resending the data until it won, etc. So far I have dealt with these issues on an ad hoc basis, through security testing, as I am thinking about possible exploits. However, I understand that there are probably many forms of manipulation that I have not thought of yet.
Can someone recommend some reading materials from which I can learn how to protect my site from manipulation and reverse design?
source
share