PHP Security question

asked Apr 11, 2012 in Security by TheRock (920 points)
Hi folks,

I have created a few PHP-based web applications, but I am not 100% sure how secure my code is and I’m worried about having security breaches. I would really appreciate it if someone could please guide me on how to test my. I do not want to tell my users that the application is secure unless I’m sure it really is.

2 Answers

0 like 0 dislike
answered Apr 11, 2012 by SmartHost (9,060 points)
Hi there,

You can hire a PHP security professional to do the work for you.
There are also some free programs that can scan your site, such as HP Scrawlr and Acunetix Vulnerability Scanner.
0 like 0 dislike
answered Apr 11, 2012 by mike231 (2,480 points)
You can start by doing the following:

- Check $_GET/$_POST variables that write to a database by inserting  or ' in any input that records to the database.
  If you get an SQL error, your application is not secure.
- Make sure PHP, the OS, and everything else that you are using is always updated.
- Make sure you have a firewall installed and that it is up to date.
- If possible, disable the FTP port entirely if you're on and switch to SFTP.
- Rename any admin directory from "admin" to something not so familiar, with some numbers and letters.
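
The quote check from the first item of the list above, as an added example that is not part of either answer: it runs a value containing a single quote through a query built by string concatenation and through a prepared statement. The `comments` table, the `save_comment_*` function names and the sample input are hypothetical, and the script assumes PHP with the PDO SQLite driver enabled.

```php
<?php
// Added example: in-memory SQLite through PDO, so nothing outside this script is touched.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed stand-in for $_POST: an ordinary name that contains a single quote.
$input = ['author' => "O'Brien", 'body' => 'Nice post'];

// Before: request values are pasted into the SQL text, so the quote in the
// value ends the string literal early and the statement no longer parses.
function save_comment_concat(PDO $pdo, array $in): string
{
    $sql = "INSERT INTO comments (author, body) VALUES ('"
         . $in['author'] . "', '" . $in['body'] . "')";
    try {
        $pdo->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        // Keep the database message in the server log, not in the page output.
        error_log($e->getMessage());
        return 'SQL error';
    }
}

// After: the SQL text is fixed and the values are bound as parameters, so the
// quote is stored as data and never interpreted as SQL syntax.
function save_comment_prepared(PDO $pdo, array $in): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $in['author'], ':body' => $in['body']]);
    return 'stored';
}

echo 'concatenated query: ', save_comment_concat($pdo, $input), PHP_EOL;
echo 'prepared statement: ', save_comment_prepared($pdo, $input), PHP_EOL;

// Read the row back to confirm the value was stored unchanged.
$author = $pdo->query('SELECT author FROM comments')->fetchColumn();
echo 'author as stored:   ', $author, PHP_EOL;
```

An input field that still produces a database error after this change points to another query in the same request that is being built by concatenation.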