Hello,
on 12/24/2004 03:01 AM Chris Shiflett said the following:
> --- Sebastian <sebastian@xxxxxxxxxxxxxxxxxxx> wrote:
> > I'm looking for a person or a place that will check or try to "break" a site.
>
> This is the least effective means of auditing an application. Letting an experienced person review your code is much, much better.

It depends on what kind of vulnerabilities you want to audit. Often some sites are vulnerable, not because of the code of the site itself, but rather because of holes in the third-party software that they rely on.
Many of the security breaches are performed by script kiddies that use exploit scripts that take advantage of holes in known applications such as Web servers, database servers and even PHP itself.
Auditing the actual site code is not a bad idea, but many companies are not comfortable with the idea of an outsider looking at their code and learning details about the site that may be part of its business secrets and so would be worth selling to competitors.
The services of trustworthy auditors are often not cheap. A cheaper alternative is probably training the site developers to write secure code and audit the applications regularly.
--
Regards, Manuel Lemos
PHP Classes - Free ready to use OOP components written in PHP http://www.phpclasses.org/
PHP Reviews - Reviews of PHP books and other products http://www.phpclasses.org/reviews/
Metastorage - Data object relational mapping layer generator http://www.meta-language.net/metastorage.html
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php