On Fri, Mar 21, 2008 at 1:52 PM, tedd <tedd@xxxxxxxxxxxx> wrote: > Also, is there a way to spider through a remote web site gathering > directory permissions? I should hope not. > > If not, can one attempt to write a file and record the > failures/successes (0777 directories)? I don't know if you've thought about it like this, but can people just upload files to your site? It has to run through a form somewhere. > What I am trying to do is to develop a way to test if a web site is > secure or not. I'm not trying to develop evil code, but if it can be > done then I want to know how. People do "pen tests" using fuzzers and such but most people agree the only real way to do it is by having a human attempting different things. You might want to take a look at the OWASP Top 10 [1] to get a better idea of what to look for. [1] http://www.owasp.org/index.php/Top_10_2007 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
