How to test the security of my site? ( Built with PHP/MYSQL )

Hi Guys, i built a php enabled site, and i have finished it actually, but the thing is, i am not experienced and may have made some mistakes that will make it easy to get hacked.

 

you will need to hire a code auditor.

 

Did you make the code yourself? If it is an already existing solution you might try to look for current exploits. Otherwise, if you made it yourself you could hire someone to review your code and try various exploits on it.

 

Agree with InnovusHost, if you have innovated that code then it's already existing solution, but if you want to test your code then you should hire professional code auditor for the same. Wish you good luck!

 

Submit your site for a Penetration test.

7echie.com

 

PHP Vulnerability Hunter for PHP and hese are ood basic scanners

 

Do you have a SSL Certificate enabled in your site?

 

I would suggest you to check 2 things:

1. PHP + Apache security (disable the vulnerable functions in PHP like exec, if your code doesn't need that).
2. Hire a software tester and test your codes, will definitely yield better results than a pre-built automatic checker.

 

Try to hack your own site,
or tell help to friend to hack it.

 

Thanks for replies. @whrsstech I don't know anything about Apache so, I will check that out. & @lolpasslol I tried to hack it, but like I said, since I am newbie it was worthless.
Anyway, I followed the things I know to protect it from mysql injection like:
* every input in the site is every, GET / POST functions are strip taged, and mysql_real_string_escaped.
* Made sure, functions do not contain errors.
* Future errors such as in case of PHP beign updated, and somethings may not work, errors will output customized messages
* and directory listing is disabled


I am forgetting anything?


The thing about hiring code auditors is that, how do anyone trust them? I've been carefully working with this site for months, and it's like a news site with so many advanced futures. How would I feel safe, giving all my codes to someone I don't know, if he can distribute my codes or even use them without my permission ??

Btw, I just brought acunetix web vulnerability scanner and I will try to hack my site with that, if that helps.

 

Should have knowledge on testing applications.
Experience in preparation of test plans, test strategy, test case design and test execution.
Will be responsible for developing test plans and test case reports for functional, system, GUI and regression testing independently.
Will execute functional tests on builds at regular frequency and deliver test reports and bug reports.
Experience in Manual and Automated Testing of Software Application.
Experience in Automated test tools like QTP , Test Director.

For more details log on to

www.softwaretestingclass.com/

Regards,
-Kanif

 

yes! the same question some body help me to know more details and protect my site?

 

I would suggest you to do this too.

 

Hi,

What type of hosting is this, i.e. Shared, VPS or Dedicated?

If you're using a VPS or Dedicated server, I would recommend using mod_security. The issue with this is that mod_security can be a little over-sensitive at times and end up firewalling people for things that you wouldn't consider malicious. You can configure a ruleset for it that works well for you.

 

I think you need a test case...I don't know much about it, of course (I would like to understand it). It kind of helps to figure out the bugs and fix them before you implement the product.

 

Test cases are like testing cosmetics through experimentation, on whether or not they are right for people. For example a new software offers data validation, a test case is needed to make sure that the validation runs without any bugs or errors. For more information you can read by

visit

Code (markup):

this site. I hope I was able to help you.