Andy Pieters a écrit : > I am looking at where I can get my system tested for penetration. Probably on the world "wild" web :-) More seriously, there are companies doing that, but it can be expensive. > http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/ > > It is actually a kind of CMS system so if someone gets in, create a page with > the cms as proof. You'll get only a few basic checks if you give only that URL. Ex: check if special input dont lead to usefull display of errors, or if .htaccess can't be simply retreived, etc To get a better sense of security, it's best to show the code (or at least the relevant parts) : Security through obscurity isnt the best idea, as you probably know. Of course, if you can't provide the code for various reasons, you can audit the code yourself, after reading some documentation about (PHP) security. Some links below can help you. Christophe PHP Manual -- IV. Security http://www.php.net/manual/en/security.php PHP Security Guide http://phpsec.org/projects/guide/ PHPSec Library http://phpsec.org/library/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
