How do you test website and web application for security?

[jamesburton2]

Hi,

I would like to know how you would test application and websites for security?

Can you recommend the best way of testing web applications for vulnerabilities?

Thank you

From
James Burton

[TheDoc]

A pretty good question that I unfortunately don’t have an answer to. I don’t build any web apps, so I’ve never really ‘tested’ anything there.

In WordPress I make sure to read a few security articles before going live and implement a few things, but that’s really about it.

I should probably take it a little more seriously!

Some of the backend guys around here might have a better idea.

[CodeGraphics]

@traq, I suppose you are talking about dynamic websites. I have a related, but different question here: https://css-tricks.com/forums/discussion/26912/website-hacking-i-have-a-question

[Alen]

https://etherpad.mozilla.org/5iHD1O6XeK

[saeed55sd]

hi, you should escape any data from your web application inputs and outputs:
if you are using MySQLi use real_scape function
if you are using PDO MySQL use quoteInto
and we have some function in php and even you can write your own preg_match and your own security function;

you should scape any execute syntax, style sheet, HTML comment tags, java script tags and on… functions and any special character

[Author]

Posts