Re: hackers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

on 12/24/2004 03:01 AM Chris Shiflett said the following:
--- Sebastian <sebastian@xxxxxxxxxxxxxxxxxxx> wrote:
im looking for a person or a place that will check or try
to "break" a site.

This is the least effective means of auditing an application. Letting an experienced person review your code is much, much better.

It depends on what kind of vulnerabilities you want to audit. often some sites are vulnerable, not because of the code of site itself, but rather wholes in the third party software that they rely.

Many of the security breaches are perform by script kiddies that use
exploit scripts that take advantage of holes in known applications such
as Web servers, database servers and even PHP itself.

Auditing the actual site code is not a bad idea but many companies are
not confortable with the idea of an outsider to look at their code and
learn details about the site that may be part of its business secret and
so they would be worth selling to competitors.

The services of trustworth auditors are often not cheap. A cheaper
alternative is probably training the site developers to write secure
code and audit the applications regularly.

--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux