How, what, by whom to check the site for vulnerabilities?

Noah asked 11 months ago

Actually the topic. How can I check my self-written(PHP) website for vulnerabilities?
Who does what? How is this done in “people”?)

10 Answers
Holland answered 11 months ago

Verification is more than simple:

  1. The lack of a single entry point with white list filtering of all user input data is already in 99.9% of cases – 100% vulnerability in the code.
  2. The absence of a single class / PDO and prepared expressions for database queries is the same story.
  3. The lack of configuration settings .htaccess and setting / checking server environment variables – the same story.
  4. Absence of shielding tags when outputting to a template – XSS-attack is possible.

For details, see here https://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853

James answered 11 months ago
Matthew answered 11 months ago

I will add that the settings of the server on which the site rotates are also played. There should be a suitable firewall, which parasitic requests can cut, not bringing to Apache, or under the cham there the site rotates.
Well, other server security policies are also important, for example, the restriction on password brute force, direct login under root and so on, because An attacker can gain access to even a very secure site in addition to the site code.
As for php itself, first of all you need not to trust user data, because this is a direct way to catch SQL injections. Catch XSS, etc.

Oliver answered 11 months ago

Good question. And it’s great that at least some of the programmers started asking them.
In order to find errors you need to understand what exactly you want to find.
There are classic mistakes that we all make.
Here is a good guide with examples from OWASP.
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
You can learn to find errors yourself by encountering a malicious service request. For this, too, there are norms guides. https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
But this only applies to vulnerabilities in the web application.
Still sticking out the vulnerable ports, weak passwords, errors in the configuration of the web server and applications. Well, specific bugs for the framework and language.
For a first look and an assessment of how bad everything is, you can try scanners, the picture will be more or less complete.
Acunetix, Qualys, Detectify, Tinfoil.

Patrik answered 11 months ago

OWASP ZAP – will find all the necessary holes.

Rich answered 11 months ago

If the site is on WordPress, then try wpscans.com or wpscan scanner under Linux.

Boricurwh answered 11 months ago

And what about the offices that offer coolhackers services for piece of money? A pier we will find, we will break, we will fix, etc. Is it worth it?
I also saw on forums like a-chat they throw a link to a resource and everyone who is not too lazy trying to break something, get somewhere. Well, they offer “help” Someone for a money, and someone just to live is boring .. (more like a scam and probably cram all sorts of shells, etc. But ideally, probably the most “quality” option)

Peter replied 11 months ago

Want problems – no problem)