Hello all,
I am assigned to test a social network website developed in PHP, MySQL and MooTools.
Usually, how do you check your web apps for security, performance and all the other major parts that need to be tested?
Thanks
#1
How do you test a web site for security, performance and etc...
Posted 14 February 2013 - 08:59 AM
#2
Re: How do you test a web site for security, performance and etc...
Posted 14 February 2013 - 09:13 AM
I would start with some automated tests using tools such as Acunetix Vulnerability Scanner and Nikto:
- Nikto - http://cirt.net/nikto2
- Acunetix - http://www.acunetix.com
Then you can go bug-hunting by hand!
#3
Re: How do you test a web site for security, performance and etc...
Posted 15 February 2013 - 08:38 PM
Buy a copy of Hacking Exposed - Web Applications. It more than covers most vectors of attack, but the big ones you want to find are:
XSS
SQL Injection
Page Inclusion
Directory Traversal
Poison Null
Session Hijacking
#4
Re: How do you test a web site for security, performance and etc...
Posted 17 March 2013 - 07:04 AM
As far as tools
Havij Pro - SQL Injection
XSSsEk3r - I wrote this myself (I might release), runs through every known XSS attack and tries it
MetaSpl0it Framework (Armitage GUI) - Pentesting server itself
zenmap - checking open ports
Will post more tomorrow but start there