tags:

views:

90

answers:

2
+4  Q: 

Testing for security vulnerabilities on web applications

A lot of companies use CMS software that updates on the regular, often they are security fixes, implying that the previous version have security vulnerabilities. But most clients never upgrade this, or even the CMS has been modified so that an update would break the site. Are there sites that document these exploits, and instruct how to test for them? Or does this information not even get published? (in order not to have people try to exploit them)

Also is there a generic php/js based check list to prevent hack attempts? I know about SQL injections and XSS, but I'm sure that there are more threats out there.

Peace

+1  A: 

The sites which catalog all these vulnerabilities are for example

  • SecurityFocus
  • milW0rm
  • packetstormsecurity

The basic checklist for webapps can be found on OWASP, which is a very general checklist.

http://www.owasp.org/index.php/Top_10_2010-Main

Henri  2010-05-10 11:22:17
excellent, milW0rm and packetstormsecurity look very promissing
Moak  2010-05-10 12:38:42
+2  A: 

Hello,

SQL Injections and XSS attacks are both solved by parsing all the info that's getting to your code ( addslashes, remove "" tags and so on ); Magic quotes emulation and register_globals off solved the problems from my point of view. Be careful, don't know exactly when, but magic_quotes will be deprecated so don't count on that.

So what other threats are they ? From my experience, the most common human mistakes are related to the authentication. This does not mean that the user does not log in, but it means that an user can read/write info for other users. So, whenever you see a delete link like this : index.php?page=images&action=delete&id=2, try with another id, of another user's image. You should get an error sayings "not your image" or something. This is very very hard to check, so you must count on the developer's experience.

The second biggest problem I had was not related to the code but to the server. FTP passwords got stolen by viruses ( IFrame virus and others ), or the server was hacked using various brute force method.

The conclusion is : if you are sure you checked for SQL Injections and XSS attacks, the last thing you must do is solve the authentication problem ( once again, authentication means that the info you get/alter is YOURS ). People tend to be a little paranoid about the security issues but the most common hacks are not the developer's fault.

Hope this helps;

Best Regards, Gabriel

Gabriel Poama-Neagra  2010-05-10 11:31:48
Forgot to mention CSRF, which is very very very popular nowadays. Especially because the solution is not as straightforward as for xss/sqli
Henri  2010-05-10 18:58:58

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases