vulnerability scanners

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

chidge
Forum Commoner
Posts: 29
Joined: Sat May 10, 2008 4:03 pm

vulnerability scanners

Post by chidge »

Hi all

I am getting to the end of a mammoth creation and learning curve of creating a PHP, JavaScript and MySQL dynamic site with a handmade CMS and public user input in the form of comments throughout the site.

I have many good books and have taken all the security measures mentioned but now I want to run a vulnerability scanner over my work to catch anything I have missed.

Money is tight so does anyone know of or can recommend some great open source vulnerability scanners to test my site on my dev server before I set it free into the wild?

Many thanks in advance for any advice/recommendations

I have come across these two

http://grendel-scan.com/

http://portswigger.net/
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: vulnerability scanners

Post by kaisellgren »

I know and I have tested lots of different vulnerability scanners. They are all crap. No automatic scanner can match human brains. You need to either learn to make secure code or get someone else to evaluate your code.
webmonkey88
Forum Newbie
Posts: 20
Joined: Fri Aug 14, 2009 4:30 am

Re: vulnerability scanners

Post by webmonkey88 »

The one that really does the damage is MySQL injection. Make sure you escape all your SQL, and if you have a forum make sure they can't post JavaScript.
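The two measures named in the reply above, applied to the public comment feature from the first post, as an added example that is not part of the thread: it uses bound parameters (PDO prepared statements) in place of manual escaping, and encodes on output with htmlspecialchars. The in-memory SQLite DSN, the comments table and the function names are assumptions made so it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

/** Store a comment. User input travels only as bound parameters, never as SQL text. */
function save_comment(PDO $pdo, string $author, string $body): void
{
    $author = trim($author);
    if ($author === '' || strlen($author) > 50 || $body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('author or body is empty or too long');
    }
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

/** Render all comments as HTML, encoding on output so stored markup displays as text. */
function render_comments(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $body   = htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // nl2br runs after encoding, so the only markup in the body is the <br> it adds.
        $html  .= "<article><h4>{$author}</h4><p>" . nl2br($body) . "</p></article>\n";
    }
    return $html;
}

// Constructed sample input: an author name containing SQL syntax and a body containing a script tag.
save_comment($pdo, "x'); DROP TABLE comments; --", 'first');
save_comment($pdo, 'mallory', '<script>alert(1)</script>');

echo render_comments($pdo);
```

Encoding happens at render time rather than at insert time, so the database keeps the original text and every output context can apply its own encoding.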