Actually, the question is in the subject line. How can I check my self-written (PHP) website for vulnerabilities?
Who does what? How do people normally do this? )
Checking is more than simple:
- The lack of a single entry point with whitelist filtering of all user input data is, in 99.9% of cases, already a 100% vulnerability in the code.
- The absence of a single class / PDO and prepared statements for database queries is the same story.
- The lack of .htaccess configuration settings and of setting / checking server environment variables is the same story.
- The absence of tag escaping when outputting to a template means an XSS attack is possible.
For details, see here: https://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853
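The three code-level points from this answer (whitelist-filtered single entry point, PDO prepared statements, escaping on output), as an added PHP example that is not part of the answer; the `users` table, its `id` and `name` columns, and the DSN and credentials are assumptions.

```php
<?php
// Added example, not from the answer above: the three code-level points in PHP.
// The "users" table, its "id"/"name" columns and the DSN are assumptions.
declare(strict_types=1);

// 1. Whitelist-filter input at the single entry point: only values matching the
//    expected shape pass; anything else is rejected rather than "cleaned up".
function userIdFromRequest(array $get): ?int
{
    if (!isset($get['id']) || !preg_match('/^[1-9][0-9]{0,9}$/', (string) $get['id'])) {
        return null;
    }
    return (int) $get['id'];
}

// 2. Pattern the answer warns about: the value is glued into the SQL text.
//    $row = $pdo->query('SELECT name FROM users WHERE id = ' . $_GET['id'])->fetch();
//    Hardened: a prepared statement sends the value separately from the query.
function findUserName(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// 3. Pattern the answer warns about: echo '<p>Hello, ' . $name . '</p>';
//    reflects any markup stored in $name. Hardened: escape at the template boundary.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Single entry point wiring (DSN and credentials are placeholders).
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

$id = userIdFromRequest($_GET);
if ($id === null) {
    http_response_code(400);
    exit('Bad request');
}
echo '<p>Hello, ' . e(findUserName($pdo, $id) ?? 'guest') . '</p>';
```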
I will add that the settings of the server on which the site runs also play a role. There should be a suitable firewall that can cut off parasitic requests without passing them on to Apache, or whatever the site runs under.
Well, other server security policies are also important, for example restrictions on password brute-forcing, direct login as root and so on, because an attacker can gain access to even a very secure site by means other than the site code.
As for PHP itself, first of all you must not trust user data, because that is a direct path to catching SQL injections, XSS, and so on.
Good question. And it's great that at least some programmers have started asking such questions.
In order to find errors you need to understand exactly what you want to find.
There are classic mistakes that we all make.
Here is a good guide with examples from OWASP.
You can learn to find errors yourself by approaching the service from the side of a malicious request. For this, too, there are standard guides. https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
But this only covers vulnerabilities in the web application.
There are still exposed vulnerable ports, weak passwords, and errors in the configuration of the web server and applications. Well, and bugs specific to the framework and language.
For a first look and an assessment of how bad things are, you can try scanners; the picture will be more or less complete.
Acunetix, Qualys, Detectify, Tinfoil.
And what about the firms that offer "cool hacker" services for a bit of money? Like, we'll find it, we'll break it, we'll fix it, etc. Is it worth it?
I also saw on forums like a-chat that they post a link to a resource and everyone who isn't too lazy tries to break something, get in somewhere. Well, they offer "help", some for money, and some just because life is boring.. (looks more like a scam, and they'd probably plant all sorts of shells etc. But ideally, probably the most "quality" option)
Want problems? No problem )