dear richard,
yours was an amazing reply... simple and true ....and well written...
where did u learn all the stuff?... ;-)
anyway. is there a step by step process for checking if your site is
secure?... i know you would say to get a hacker or something... but as a
programmer, i would like to know (some) more info...
i use GET instead of POST for most of the forms... even in a shopping
cart or admin panel... do u think that is risky?
one of the biggest threats is sql injections and now xml injections... but
can u give some more info... like what commands do i need to use and
what part of the website do i need to check?...
what is penetration and black box testing for a php website....?
is there any software for this kind of testing... some part of the
process can be automated... like grabbing all the links or urls and
purposely bombarding them with sql statements.
if i do the same from a professional, what should be an average cost for
testing a website for security?...
also
> Security is not something one can just slap on to the site after one
> finishes it -- It has to be a living breathing process that is in
> symbiosis with the life-cycle of the project.
>
that is a beautiful statement...
thanks a lot...
sumeet
Richard Lynch wrote:
> On Wed, November 22, 2006 11:20 am, Alain Roger wrote:
>> Now that i finished the client side of the web application i would like to
>> improve the security of my administration side of this web application.
>> My web hoster support a shared SSL protocol, however i would like to do more
>> than simply use the SSL...
>
> I think the amazing thing is that you just used "simply" and "SSL" in
> the same sentence... :-)
>
> SSL is a VERY safe way to ensure that the data traveling from the
> browser to the server, and data going back from server to browser, is
> secure in transit.
>
> SSL is pretty much the armored truck ploughing its way through the
> Internet, shedding bullets like a duck sheds water.
>
> Security is not something one can just slap on to the site after one
> finishes it -- It has to be a living breathing process that is in
> symbiosis with the life-cycle of the project.
--
Thanking You
Sumeet Shroff
http://www.prateeksha.com
Web Designers and PHP / Mysql Ecommerce Development, Mumbai India