Menu
I need to make sure that PHP sites that I administrate, don't have any common PHP flaws, like SQL injection, wrongly configured permissions to files and folders etc. By site I mean for example Joomla site with plugins and modules. Making this security check manually can be time consuming and automated test could be run on daily basis to just make sure nothing has changed.
So my question is that is there any good automated software for this or do I have to code one myself?
897
PHP is as secure as any other major language. PHP is as secure as any major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security.
Using remote file inclusion, a hacker tries to fool your PHP code into accepting a URL on another site as valid input. This action can then be used to execute malicious code. Local file inclusion can be used to get a web application to return the content of a local file. A popular example is WordPress's wp-config.
Using a fuzzer is a good idea. But, you could also try coding an automated system yourself, as this will boost your knowledge about php and security issues/loop holes in your php sites.
I would personally use Google's Skipfish and find out for yourself if there are problems, then build your own just for your needs and ease of use. Good luck!
198
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
