Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I test PHP site security for most common security flaws?

Tags:

security

php

I need to make sure that PHP sites that I administrate, don't have any common PHP flaws, like SQL injection, wrongly configured permissions to files and folders etc. By site I mean for example Joomla site with plugins and modules. Making this security check manually can be time consuming and automated test could be run on daily basis to just make sure nothing has changed.

So my question is that is there any good automated software for this or do I have to code one myself?

like image 897
newbie Avatar asked Sep 29 '10 11:09

newbie


People also ask

Are PHP websites secure?

PHP is as secure as any other major language. PHP is as secure as any major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security.

Why does PHP have security issues?

Using remote file inclusion, a hacker tries to fool your PHP code into accepting a URL on another site as valid input. This action can then be used to execute malicious code. Local file inclusion can be used to get a web application to return the content of a local file. A popular example is WordPress's wp-config.


1 Answers

Using a fuzzer is a good idea. But, you could also try coding an automated system yourself, as this will boost your knowledge about php and security issues/loop holes in your php sites.

I would personally use Google's Skipfish and find out for yourself if there are problems, then build your own just for your needs and ease of use. Good luck!

like image 198
ryryan Avatar answered Sep 28 '22 07:09

ryryan