bespokesoftwaredeveloperuk Posted January 20, 2014 Share Posted January 20, 2014 Hi All, I am new here and new to PHP...so please be gentle! I was wondering if there is any kind of tool/framework/plug-in available which will help me find security holes in my bespoke software developed using PHP. For obvious reasons, I cannot make the application public...but any advice/guidance/best practice guide would be really appreciated. Has anyone used or can recommend any free/open source penetration testing tools which would highlight the most common security mistakes? Thank you in advance! Jon Bespoke Software Expert UK Quote Link to comment https://forums.phpfreaks.com/topic/285523-how-secure-is-my-bespoke-software-developed-in-php/ Share on other sites More sharing options...
TinyI Posted January 28, 2014 Share Posted January 28, 2014 Hi, generally, as a rule, always make sure you filter any input, and escape any output. That rules out many problems you'll have security wise. Have regexes to look at things which are trying to break your SQLs such as sleeps or 'ORS' or 'UNIONS' etc. There is a distro of linux called Kali which is a pen-testing distro. It has tools ready installed. Obviously, your testing will only be as good as your knowledge of the tools to test it with. Please note, I personally haven't tried this myself, but had it recommended. Good luck. Quote Link to comment https://forums.phpfreaks.com/topic/285523-how-secure-is-my-bespoke-software-developed-in-php/#findComment-1466873 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.