[noorahmad]

Hello all,

I am assigned to test a social network website developed in PHP, MySQL and MooTools.

Usually, how do you check your web apps for security, performance and all other major parts need to be tested.


Thanks

[TheKirk]

I would start with some automated tests using tools such as Acunetix Vulnerability Scanner and Nikto:

• Nikto - http://cirt.net/nikto2
  
• Acunetix - http://www.acunetix.com

Then you can go bug-hunting by hand!

[Lemur]

Buy a copy of Hacking Exposed - Web Applications. It more than covers most vectors of attack, but the big ones you want to find are:

XSS
SQL Injection
Page Inclusion
Directory Traversal
Poison Null
Session Hijacking

[CynicalSolution]

As far as tools

Havij Pro - SQL Injection
XSSsEk3r - I wrote this myself (I might release), runs through every known xss attack and try's it
MetaSpl0it Framework (Armitage GUI) - Pentesting server itself
zenmap - checking open ports
Will post more tomorrow but start there