Re: security question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



dear richard,

yours was an amazing reply... simple and true ....and well written...

where did u learn all the stuff?... ;-)

anyway. is there a step by step process for checking if your site is secure?... i know you would say to get a hacker or something... but as a programmer, i would like to know (some) more info...

i use GET instead of POST for most of the forms... even in a shopping cart or admin panel... do u think that is risky?

one the biggest threat is sql injections and now xml injections... but can u give some more info... like what commands do i need to use and what part of the website do i need to check?...

what is penetration and black box testing for a php website....?

is there any software for this kind of testing... some part of the process can be automated... like grabbing all the links or urls and purposely bombarding them with sql statements.

if i do the same from a professional, what should be a average cost for testing a website for security?...

also
> Security is not something one can just slap on to the site after one
> finishes it -- It has to be a living breathing process that is in
> symbiosis with the life-cycle of the project.
>

that is a beautiful statement...

thanks a lot...

sumeet


Richard Lynch wrote:
On Wed, November 22, 2006 11:20 am, Alain Roger wrote:
Now that i finished the client side of the web application i would
like to
improve the security of my administration side of this web
application.
My web hoster support a shared SSL protocol, however i would like to
do more
than simply use the SSL...

I think the amazing thing is that you just used "simply" and "SSL" in
the same sentence... :-)

SSL is a VERY safe way to ensure that the data traveling from the
browser to the server, and data going back from server to browser, is
secure in transit.

SSL is pretty much the armored truck ploughing its way through the
Internet, shedding bullets like a duck sheds water.


Security is not something one can just slap on to the site after one
finishes it -- It has to be a living breathing process that is in
symbiosis with the life-cycle of the project.



--
Thanking You

Sumeet Shroff
http://www.prateeksha.com
Web Designers and PHP / Mysql Ecommerce Development, Mumbai India

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux