views:

352

answers:

5

I am in the late testing phase of my web application. The application will be tested at a larger scale now.

During this time I want to test my website against various types of known penetration tools.

I am aware that it will be better to let a professional handle this subject, and this will be happening. But before I take that route I want to do all I can to make the application as secure as possible, so that when the pro does his work, he does not come back with a large list of things I could have done before hiring him.

I am not looking for advanced methods of breaking into a system. Just some hints on known attacks other than the OWASP vulnerabilities.

My system is nginx, apache, php, mysql on Linux CentOS.

+4  A: 

Anyone asking such a vague question is so far from (web)security that he is not able to do a penetration test himself. So I would recommend to hire a penetration tester and let him do the work.

No offense meant, by the way.

Henri
Not to mention that another, less biased person might be more likely to find problems than the person who wrote the code.
WhirlWind
I think my question just complements the points you guys are making. You guys do not know my code, so I thought it would be even better. And before I let a professional go through the code and do a thorough job it does not hurt to do some initial testing myself with help from the stackoverflow professionals. You guys know a lot, don't know my code, it does not hurt you in any way. If I can only find one single hole in the system because of you it would mean less work for the professional.
Saif Bechan
Saif Bechan, it is not true that if you test your code a professional has less work. He still has to test the _whole_ website (either blackbox or whitebox, doesn't make a difference). However, if you still want to do some work, google for XSS, SQL injection, XSRF. These are the most common webapp security vulnerabilities. Also, you might want to try Google skipfish, it's a new tool of Google that does automated scanning of your webapp. I have to warn you that it gives a lot of false positives (i.e. non-bugs marked as bugs).
Henri
Yes, I have covered the obvious, the OWASP vulnerabilities. I doubt these are the only things to worry about nowadays. Thank you for your time to comment anyway.
Saif Bechan
This is a completely empty answer because you don't even know the first step in breaking into a server.
Rook
There is no general first step in breaking into a server since that depends on the setup. The only real first "step" is researching your target and getting as much info as needed/possible before you perform any kind of attack.
Henri
@Henri: In your case the first step would be researching your target and gathering the information. That looks like a step to me. Secondly, a large majority of hacked websites are hacked by bots and scanners. They just try things and look if they get a hit. If I would want to take down a website I would first try the 'canned' approach before going through the trouble of studying the whole website. I am stunned by the way some of you fail to see this.
Saif Bechan
@Henri: Step 1) Vulnerability scanners like Acunetix and OpenVAS.
Rook
A: 

You can't, that's the point. Hackers think of the things that you didn't.

Which is why it would be best to hire someone or ask a friend if you have any technically savvy ones.

Spencer Ruport
I asked this question because you guys can think of things I can't think of. And I find you guys to be 'technically savvy'.
Saif Bechan
What if a hacker is the one writing the application?
Rook
+1  A: 

There are dozens of security scanners for websites out there that will run all the common hacks against your website for you. Here's a list of 10 of them.

That said, you should probably seek the help of a professional security consultant, somebody who can do more than just run the scanner.

Randolpho
Thank you, I will read through and test some of them.
Saif Bechan
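To make concrete what the scanners recommended in this answer actually do, here is an added example (written for this thread, not code from skipfish, Wapiti, w3af, Acunetix or any other tool named here). It shows the two cheapest checks an automated web scanner runs against every request parameter: inject a unique canary and look for it coming back unescaped (reflected XSS), and inject a lone quote and look for MySQL error text in the response (SQL injection). The "target" is a constructed in-process stand-in for a PHP search page, so everything runs offline; the vulnerable and hardened stand-ins, the canary string and the error signatures are this example's assumptions. It also shows why a scanner that matches on the canary text alone produces the false positives Henri warns about in the comments: an HTML-escaped reflection is the correct behaviour, not a bug.

```python
"""Minimal illustration of how an automated web-vulnerability scanner works.

Added example for this thread; not code from any of the scanners discussed.
The target is a constructed Python function standing in for a PHP page (no
network, no real site). Real scanners do the same basic thing at far larger
scale: send probe payloads per parameter, then look for tell-tale signs in
the response.
"""
import html
import re
from typing import Callable, Dict, List

# Signatures of MySQL errors leaking into a page: the classic sign of a
# string-concatenated query on a LAMP stack. (Assumed list, not exhaustive.)
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"mysql_fetch_(assoc|array|row)\(\)", re.I),
    re.compile(r"Warning: mysqli?_", re.I),
]

# Unique canary: only if it comes back byte-for-byte (i.e. the '<' and '>'
# survive) is the parameter reflected without output encoding.
XSS_CANARY = "<zq7canary>"
SQL_PROBE = "'"

Fetch = Callable[[Dict[str, str]], str]  # query params -> response body


def probe_parameter(fetch: Fetch, base: Dict[str, str], name: str) -> List[str]:
    """Return one finding string per problem detected for a single parameter."""
    findings: List[str] = []

    # 1) Reflection check. Matching on the raw canary (with its angle
    #    brackets) rather than on the bare word avoids flagging an escaped,
    #    and therefore safe, reflection such as &lt;zq7canary&gt;.
    body = fetch(dict(base, **{name: XSS_CANARY}))
    if XSS_CANARY in body:
        findings.append(f"{name}: reflected unescaped (possible XSS)")

    # 2) SQL error check. A lone quote appended to the normal value is the
    #    cheapest probe: it breaks a concatenated query and, with
    #    display_errors on, the database error ends up in the page.
    body = fetch(dict(base, **{name: base.get(name, "") + SQL_PROBE}))
    if any(p.search(body) for p in SQL_ERROR_PATTERNS):
        findings.append(f"{name}: database error in response (possible SQL injection)")
    return findings


def scan(fetch: Fetch, base: Dict[str, str]) -> List[str]:
    """Probe every parameter of one request and collect all findings."""
    out: List[str] = []
    for name in base:
        out.extend(probe_parameter(fetch, base, name))
    return out


# Constructed stand-in for a vulnerable PHP search page (not a real site):
# echoes $_GET['q'] raw and concatenates $_GET['id'] into its SQL.
def fake_vulnerable_page(params: Dict[str, str]) -> str:
    q = params.get("q", "")
    uid = params.get("id", "0")
    page = f"<h1>Results for {q}</h1>"
    if "'" in uid:  # the quote breaks the concatenated query
        page += ("Warning: mysql_fetch_assoc() expects parameter 1 to be resource, "
                 "boolean given. You have an error in your SQL syntax")
    return page


# Constructed stand-in for the same page after fixing both problems:
# htmlspecialchars()-style escaping on output, validation before the query.
def fake_hardened_page(params: Dict[str, str]) -> str:
    q = html.escape(params.get("q", ""))
    uid = params.get("id", "0")
    if not uid.isdigit():  # reject anything that is not a numeric id
        return "<h1>Bad request</h1>"
    return f"<h1>Results for {q}</h1>"


if __name__ == "__main__":
    for finding in scan(fake_vulnerable_page, {"q": "shoes", "id": "7"}):
        print("vulnerable page:", finding)
    print("hardened page:", scan(fake_hardened_page, {"q": "shoes", "id": "7"}))
```

Running it reports both problems on the vulnerable stand-in and nothing on the hardened one. A real scanner adds crawling, many more payload variants and signatures, and a much larger error-pattern library, but the detection logic is the same, which is also why its findings need a human to confirm them.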
+1  A: 

You could try skipfish, which is "a fully automated, active web application security reconnaissance tool". Never used it myself, but it made a little splash when it was open sourced a while ago.

Max Shawabkeh
+1 I really like this application. The interface looks nice and it has some nice features. This is the first thing I am going to work with. Thank you for the recommendation.
Saif Bechan
+2  A: 

Security testing is vital before the deployment of any application or code update.

Acunetix will produce the best results for finding vulnerabilities in your web application. Wapiti is a good open source vulnerability scanner. If you want to go beyond finding vulnerabilities and you want to exploit them, then you need w3af. OpenVAS is good at looking at the overall security of your server, Metasploit is good for exploiting the results from an OpenVAS scan. You will also want to run PHPSecInfo to see if PHP is misconfigured. If you want more information on writing exploit code for LAMP I recommend reading A Study In Scarlet.

For practice finding and exploiting vulnerabilities for LAMP I recommend getting a copy of Damn Vulnerable Web App, which shouldn't be confused with Damn Vulnerable Linux, which is also cool.

Rook
+1 Thank you for the fine answer. I have read through most of the links you supplied. Some are a little too much for me but I can definitely look at them and have some idea of what some evil minds think of.
Saif Bechan
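The PHPSecInfo recommendation above is about configuration rather than code, so as an added example (written for this thread, not PHPSecInfo's own code or its report format) here is a small audit of the php.ini directives that kind of tool reports on for a production LAMP box: error display, version disclosure, remote file access and session cookie flags. The two ini fragments are constructed, and the "safe" values in the check table are the usual production settings stated here as this example's assumptions, not anything the original answer specifies.

```python
"""Audit a php.ini for the directives a PHP hardening check reports on.

Added example for this thread; not PHPSecInfo's code. The check table holds
the usual production values (assumed here), and both ini fragments below are
constructed, not copied from a real server.
"""
import configparser
from typing import Dict, List, Tuple

# (directive, safe value, why it matters). Directive names are lower-case
# because configparser lower-cases keys by default.
CHECKS: List[Tuple[str, str, str]] = [
    ("display_errors", "Off", "error messages leak paths, queries and versions to visitors"),
    ("expose_php", "Off", "X-Powered-By header advertises the PHP version to scanners"),
    ("allow_url_fopen", "Off", "lets fopen()/include read remote URLs"),
    ("allow_url_include", "Off", "remote file inclusion through include()/require()"),
    ("register_globals", "Off", "request variables silently become PHP globals"),
    ("enable_dl", "Off", "scripts can load arbitrary extensions at runtime"),
    ("session.cookie_httponly", "On", "session cookie readable by injected JavaScript otherwise"),
    ("session.use_only_cookies", "On", "session id accepted from the URL otherwise (fixation)"),
]

TRUE_WORDS = {"1", "on", "true", "yes"}
FALSE_WORDS = {"0", "off", "false", "no", "none", ""}


def normalise(value: str) -> str:
    """Map PHP's many boolean spellings (On/1/true, Off/0/"") to on/off."""
    v = value.strip().strip('"').lower()
    if v in TRUE_WORDS:
        return "on"
    if v in FALSE_WORDS:
        return "off"
    return v


def parse_php_ini(text: str) -> Dict[str, str]:
    """php.ini is INI-like, but directives may precede any [section] header
    and comments use ';'. A synthetic leading section keeps configparser
    happy; sections are then merged because PHP ignores them."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";",))
    cp.read_string("[__global__]\n" + text)
    merged: Dict[str, str] = {}
    for section in cp.sections():
        merged.update(cp.items(section))
    return merged


def audit(ini_text: str) -> List[str]:
    """Return one finding per directive that is unset or differs from the safe value.
    An unset directive falls back to PHP's compiled-in default, which a
    hardening review should pin down explicitly, so it is reported too."""
    settings = parse_php_ini(ini_text)
    findings: List[str] = []
    for directive, safe, why in CHECKS:
        actual = settings.get(directive)
        if actual is None:
            findings.append(f"{directive}: not set (compiled default applies); want {safe}: {why}")
        elif normalise(actual) != normalise(safe):
            findings.append(f"{directive} = {actual.strip() or '(empty)'}; want {safe}: {why}")
    return findings


# Constructed fragment resembling a development box left in production.
SAMPLE_DEV_INI = """\
; constructed php.ini fragment (not a real file)
[PHP]
engine = On
display_errors = On        ; handy in development, harmful in production
expose_php = On
allow_url_fopen = On
allow_url_include = Off
register_globals = Off
enable_dl = Off
error_reporting = E_ALL & ~E_DEPRECATED
[Session]
session.cookie_httponly =
session.use_only_cookies = 1
"""

# Constructed fragment with the same directives set to the assumed safe values.
SAMPLE_HARDENED_INI = """\
[PHP]
display_errors = Off
log_errors = On
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
enable_dl = Off
[Session]
session.cookie_httponly = 1
session.use_only_cookies = 1
"""

if __name__ == "__main__":
    for line in audit(SAMPLE_DEV_INI):
        print("dev box:", line)
    print("hardened box:", audit(SAMPLE_HARDENED_INI) or "no findings")
```

To run it against a real server, point it at the file `php --ini` reports as the loaded configuration, and remember that the CLI and the Apache module can load different ini files, so check the one the web SAPI actually uses.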