Reply to Re: [PHP] Free penetration test

Your name:

Reply:


Posted by Christophe Chisogne on 05/23/05 17:40

Andy Pieters a écrit :
> I am looking at where I can get my system tested for penetration.

Probably on the world "wild" web :-)
More seriously, there are companies doing that, but it can be expensive.

> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/
>
> It is actually a kind of CMS system so if someone gets in, create a page with
> the cms as proof.

You'll get only a few basic checks if you give only that URL.
Ex: check if special input dont lead to usefull display of errors,
or if .htaccess can't be simply retreived, etc

To get a better sense of security, it's best to show the code
(or at least the relevant parts) : Security through obscurity
isnt the best idea, as you probably know.

Of course, if you can't provide the code for various reasons,
you can audit the code yourself, after reading some documentation
about (PHP) security. Some links below can help you.

Christophe

PHP Manual -- IV. Security
http://www.php.net/manual/en/security.php

PHP Security Guide
http://phpsec.org/projects/guide/

PHPSec Library
http://phpsec.org/library/

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация