Cracker code?

Posted: Tue Oct 07, 2003 5:39 pm
by Unipus
I need to test the data security of some HTML forms that are processed by PHP and eventually inserted into MySQL. I've tested a lot of bogus values and SOME malicious code, and I've already sealed all HTML/javascript holes, but I'd like to be as thorough as possible with the server-side stuff now.

So, got any more examples of code that I could put in a textbox that would harm the server? There are a lot of forms on this site and they're handled in several different ways.

Posted: Tue Oct 07, 2003 6:02 pm
by mrvanjohnson
Might be best to get a product to do this for you. We just got done evaluating WebInspect from SpyDynamics. Not cheap, as a matter of fact very expensive, but does a great job. We are currently trying to get approval to purchase the product. They do offer a Free-Demo but you need to talk to a sales person who will then limit the IP address range. But it does a really good job finding Cross Scripting problems and SQL injections.

Posted: Tue Oct 07, 2003 6:09 pm
by Unipus
Okay... got the files, but I guess I have to wait for the contact now.

In the meantime, if anyone has any suggestions, I'm still all ears.