
How to test the security of my site? (Built with PHP/MYSQL)

Discussion in 'Security' started by eritrea1, Jun 17, 2012.

  1. #1
    Hi Guys, I built a PHP-enabled site, and I have actually finished it, but the thing is, I am not experienced and may have made some mistakes that will make it easy to get hacked.
     
    eritrea1, Jun 17, 2012 IP
  2. SolidShellSecurity

    SolidShellSecurity Banned

    #2
    You will need to hire a code auditor.
     
    SolidShellSecurity, Jun 17, 2012 IP
  3. InnovusHost

    InnovusHost Peon

    #3
    Did you make the code yourself? If it is an already existing solution you might try to look for current exploits. Otherwise, if you made it yourself you could hire someone to review your code and try various exploits on it.
     
    InnovusHost, Jun 18, 2012 IP
  4. jeetmadgan

    jeetmadgan Member

    #4
    Agree with InnovusHost: if you have innovated that code then it's an already existing solution, but if you want to test your code then you should hire a professional code auditor for the same. Wish you good luck!
     
    jeetmadgan, Jun 19, 2012 IP
  5. TechieH

    TechieH Peon

    #5
    Submit your site for a Penetration test. :)

    7echie.com
     
    TechieH, Jul 23, 2012 IP
  6. outsourcethis

    outsourcethis Active Member

    #6
    PHP Vulnerability Hunter for PHP, and these are good basic scanners.
     
    outsourcethis, Jul 30, 2012 IP
  7. sabrina

    sabrina Active Member

    #7
    sabrina, Aug 16, 2012 IP
  8. whrsstech

    whrsstech Peon

    #8
    I would suggest you check 2 things:

    1. PHP + Apache security (disable the vulnerable functions in PHP, like exec, if your code doesn't need them).
    2. Hire a software tester and test your code; this will definitely yield better results than a pre-built automatic checker.
     
    whrsstech, Aug 17, 2012 IP
  9. lolpasslol

    lolpasslol Peon

    #9
    Try to hack your own site,
    or ask a friend for help hacking it.
     
    lolpasslol, Aug 25, 2012 IP
  10. eritrea1

    eritrea1 Active Member

    #10
    Thanks for the replies. @whrsstech I don't know anything about Apache, so I will check that out. & @lolpasslol I tried to hack it, but like I said, since I am a newbie it was worthless.
    Anyway, I followed the things I know to protect it from MySQL injection, like:
    * every input on the site, every GET / POST value, is strip_tags'd and mysql_real_escape_string'd.
    * Made sure functions do not contain errors.
    * Future errors, such as in case PHP is updated and some things may not work, will output customized messages.
    * Directory listing is disabled.


    Am I forgetting anything?


    The thing about hiring code auditors is, how does anyone trust them? I've been carefully working on this site for months, and it's like a news site with so many advanced features. How would I feel safe giving all my code to someone I don't know, if he can distribute my code or even use it without my permission??

    Btw, I just bought the Acunetix web vulnerability scanner and I will try to hack my site with that, if that helps.
     
    eritrea1, Aug 26, 2012 IP
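The protections listed in the post above rely on escaping each input. As an added example (not code from the thread or from the poster's site), here is why escaping alone does not cover an unquoted numeric context, and how type validation plus a PDO prepared statement closes that gap. It assumes a table named `articles` and uses an in-memory SQLite database so it runs offline; for a MySQL site only the DSN and credentials in the PDO constructor would change.

```php
<?php
// Added example, not code from the thread. Contrasts the thread's
// strip_tags + mysql_real_escape_string approach with a prepared statement.
// In-memory SQLite is used so the script runs offline; the PDO calls are
// identical for MySQL apart from the DSN.

// Escaping only neutralises quote characters. Where the value is spliced
// into the SQL text without quotes (typical for numeric ids) there is
// nothing to neutralise, so the input lands in the query verbatim.
function unsafeQuery(string $id): string
{
    $escaped = addslashes(strip_tags($id)); // stands in for mysql_real_escape_string()
    return "SELECT title FROM articles WHERE id = $escaped";
}

// Hardened version: validate the type first, then bind the value so it
// is sent as a parameter and never becomes part of the SQL text.
function fetchTitle(PDO $db, string $id): ?string
{
    if (!ctype_digit($id)) {          // an article id is digits only
        return null;
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();    // false when no row matched
    return $title === false ? null : $title;
}

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly; log server-side
]);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'First post'), (2, 'Second post')");

// Constructed inputs: a legitimate id and the textbook malformed one.
$good = '2';
$bad  = '1 OR 1=1';

echo unsafeQuery($bad), PHP_EOL;  // escaping left the malformed input intact
var_dump(fetchTitle($db, $good)); // the matching title
var_dump(fetchTitle($db, $bad));  // null: rejected by validation before any SQL runs
```

Keep `display_errors` off in production and log the PDO exceptions instead, so the customized error pages mentioned above do not leak query text.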
  11. softwaretesting

    softwaretesting Peon

    #11
    Should have knowledge on testing applications.
    Experience in preparation of test plans, test strategy, test case design and test execution.
    Will be responsible for developing test plans and test case reports for functional, system, GUI and regression testing independently.
    Will execute functional tests on builds at regular frequency and deliver test reports and bug reports.
    Experience in Manual and Automated Testing of Software Application.
    Experience in automated test tools like QTP, Test Director.

    For more details log on to

    www.softwaretestingclass.com/

    Regards,
    -Kanif
     
    softwaretesting, Aug 27, 2012 IP
  12. laithbarnouti

    laithbarnouti Peon

    #12
    Yes! The same question. Can somebody help me to know more details and protect my site?
     
    laithbarnouti, Aug 30, 2012 IP
  13. snoppy0

    snoppy0 Greenhorn

    #13
    I would suggest you to do this too.
     
    snoppy0, Sep 28, 2012 IP
  14. AstoundingHost

    AstoundingHost Peon

    #14
    Hi,

    What type of hosting is this, i.e. Shared, VPS or Dedicated?

    If you're using a VPS or Dedicated server, I would recommend using mod_security. The issue with this is that mod_security can be a little over-sensitive at times and end up firewalling people for things that you wouldn't consider malicious. You can configure a ruleset for it that works well for you.
     
    AstoundingHost, Sep 30, 2012 IP