PHP and Ethical Hacking [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 6 months ago.

Improve this question

I know all the security issues. SQL injection, XSS issues, SSL, session hijacking , I have read security books etc. But yet, I feel that a backroom boy laugh me ! I 开发者_JS百科want to hack my site ethically before backroom boy did this illegally?. From Where I can start? How can I make sure that I use security preventions correctly? Thanks

---

Is this a trick question or something? Like, "Where's the beginning of a perfect ring?"

You say that you know the issues which you need to worry about. Write everyone that comes to mind into a list. Analyze that list, determine some priority order and get to it! If you know the issues, you should know ways to attack those issues.

I did find this decent looking article, which may very well provide you exactly what you're asking:

http://goodfellas.shellcode.com.ar/docz/web/php-fuzzing.pdf

What I was looking for is PHP Fuzzer, to add another layer of testing.

Found this list: http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html

At this page, which explains fuzzing a bit, hence its appearance here:

http://www.owasp.org/index.php/Fuzzing

---

If you can hack your site, it's a bad thing. The only real gotcha is probably CSRF. Aside from that, you might want to setup TLS or something to secure against man in the middle attacks. Since you seem to know about input sanitization, I'd assume you don't have to worry about abuse of things like eval, include (or anything else that opens a file), system, etc.