I need to test the data security of some HTML forms that are processed by PHP and eventually inserted into MySQL. I've tested a lot of bogus values and SOME malicious code, and I've already sealed all HTML/javascript holes, but I'd like to be as thorough as possible with the server-side stuff now.
So, got any more examples of code that I could put in a textbox that would harm the server? There are a lot of forms on this site and they're handled in several different ways.
Cracker code?
- mrvanjohnson
Might be best to get a product to do this for you. We just got done evaluating WebInspect from SPI Dynamics. Not cheap, as a matter of fact very expensive, but does a great job. We are currently trying to get approval to purchase the product. They do offer a free demo, but you need to talk to a sales person who will then limit the IP address range. But it does a really good job finding Cross Scripting problems and SQL injections.