|
Posted by Christophe Chisogne on 05/23/05 17:40
Andy Pieters a écrit :
> I am looking at where I can get my system tested for penetration.
Probably on the world "wild" web :-)
More seriously, there are companies doing that, but it can be expensive.
> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/
>
> It is actually a kind of CMS system so if someone gets in, create a page with
> the cms as proof.
You'll get only a few basic checks if you give only that URL.
Ex: check if special input dont lead to usefull display of errors,
or if .htaccess can't be simply retreived, etc
To get a better sense of security, it's best to show the code
(or at least the relevant parts) : Security through obscurity
isnt the best idea, as you probably know.
Of course, if you can't provide the code for various reasons,
you can audit the code yourself, after reading some documentation
about (PHP) security. Some links below can help you.
Christophe
PHP Manual -- IV. Security
http://www.php.net/manual/en/security.php
PHP Security Guide
http://phpsec.org/projects/guide/
PHPSec Library
http://phpsec.org/library/
[Back to original message]
|