how to test your script security level???

[airwinx]

Hi All developer,
I wonder is there any website or software to test how secure your srcipt is?? eg. let said I write a script or a website and I wanna know how secure my script is, where can I do that??? currently my websites i had design are all required user to log in, so i wanna test how secure the script is.


pls advise.

[ted_chou12]

yeah, this sounds like a cool idea to me, i also have a site with user logins, suggestions from anyone? :-\

[mjlogan]

You can always give it the test of the obvious injection test, and sql ones if you are using that. Along with tests of extreme, normal and erroneous data.

[the_oliver]

perhaps you can put a non-critical vertion of your script (a demo) on a site thats not in use and just ask people to have a go!  should soon expose any week points. 

One of the main areas of weekness can be not in your code, but in the way the permitions/firewalls/what ever access restrictions your using, are set up.  Such as dissabling anonomus ftp etc. 

[ted_chou12]

is using .htaccess files to protect my database very secure?
I use it to protect my txt files that includes the login info. :D

[trq]

[quote]is using .htaccess files to protect my database very secure?[/quote]

What kind of database are you talking about? mySql is a database server, all data should be stored well outside of the web accessable root.

[ted_chou12]

i stored them in the web accessable route for convenience... so i guess is insecure :-[