PHP Developers Network
http://forums.devnetwork.net/

Expose_PHPSecurity
http://forums.devnetwork.net/viewtopic.php?f=34&t=144622

Author:  chemseddine [ Mon Nov 06, 2017 4:49 am ]
Post subject:  Expose_PHPSecurity

Hi everyone,
Do you know the Expose library (based on PHPIDS)? It is an Intrusion Detection System for PHP. I want to know if this one is useful to protect a web application. If it is, does anyone have more information about how to use it (install, use)? If not, do you know any other library that can help with detecting intrusions (XSS, SQL Injection, ...)?

I need your help
Thank you very much :D

Author:  VladSun [ Mon Nov 06, 2017 5:14 am ]
Post subject:  Re: Expose_PHPSecurity

I did a lot of research once, and currently I use http://www.arachni-scanner.com/ for security pen-tests - easily configurable, low false-positive rate, test automation friendly, nice reports.

Author:  chemseddine [ Mon Nov 06, 2017 6:03 am ]
Post subject:  Re: Expose_PHPSecurity

Thank you very much

VladSun wrote:
I did a lot of research once, and currently I use http://www.arachni-scanner.com/ for security pen-tests - easily configurable, low false-positive rate, test automation friendly, nice reports.

Author:  VladSun [ Mon Nov 20, 2017 6:52 am ]
Post subject:  Re: Expose_PHPSecurity

 

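<project name="pen-test" default="build">

  <!-- arachni.home.dir, scan.username and scan.password are not defined in this
       file and must be supplied from outside, e.g. as -D properties on the Ant
       command line. The login parameters are passed to arachni as a
       command-line argument. -->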

  <property name="scan.url" value="http://pen-test.testing.jenkins" />

  <property name="scan.report.file" value="${basedir}/reports/pen-test.afr" />
  <property name="scan.report.html.file" value="${scan.report.file}.html.zip" />
  <property name="scan.report.json.file" value="${scan.report.file}.json" />

  <property name="scan.parameter.scope-auto-redundant" value="10" />
  <property name="scan.parameter.scope-dom-depth-limit" value="100" />
  <property name="scan.parameter.browser-cluster-pool-size" value="10" />
  <property name="scan.parameter.http-response-max-size" value="5000000" />
  <property name="scan.parameter.http-request-timeout" value="10000" />
  <property name="scan.parameter.platforms" value="linux,apache,php,sql,mysql" />
  <property name="scan.parameter.http-request-queue-size" value="255" />

  <property name="scan.login.url" value="${scan.url}/login" />
  <property name="scan.login.parameters" value="user=${scan.username}&amp;pass=${scan.password}&amp;action=login" />
  <property name="scan.login.check" value="Penetration testing user" />

  <target name="full-scan-members-area" description="Run all attacks to members area">
    <exec executable="${arachni.home.dir}/bin/arachni">
      <arg value="${scan.url}" />
      <arg value="--output-verbose" />
      <arg value="--scope-exclude-pattern" />
      <arg value="\/en\/" />
      <arg value="--scope-exclude-pattern" />
      <arg value="\/nl\/" />
      <arg value="--scope-exclude-pattern" />
      <arg value="\/bg\/" />
      <arg value="--scope-exclude-pattern" />
      <arg value="logout" />
      <arg value="--browser-cluster-pool-size=${scan.parameter.browser-cluster-pool-size}" />
      <arg value="--scope-auto-redundant=${scan.parameter.scope-auto-redundant}" />
      <arg value="--scope-dom-depth-limit=${scan.parameter.scope-dom-depth-limit}" />
      <arg value="--http-response-max-size=${scan.parameter.http-response-max-size}" />
      <arg value="--http-request-timeout=${scan.parameter.http-request-timeout}" />
      <arg value="--http-request-queue-size=${scan.parameter.http-request-queue-size}" />
      <arg value="--platforms=${scan.parameter.platforms}" />
      <arg value="--checks=*" />
      <arg value="--plugin=autologin:url=${scan.login.url},parameters=${scan.login.parameters},check=${scan.login.check}" />
      <arg value="--plugin=metrics" />
      <arg value="--session-check-pattern=${scan.login.check}" />
      <arg value="--session-check-url=${scan.url}" />
      <arg value="--report-save-path=${scan.report.file}" />
    </exec>
  </target>

  <target name="generate-reports" description="Generate reports">

    <exec executable="${arachni.home.dir}/bin/arachni_reporter">
      <arg path="${scan.report.file}" />
      <arg value="--reporter=html:outfile=${scan.report.html.file}" />
    </exec>

    <exec executable="${arachni.home.dir}/bin/arachni_reporter">
      <arg path="${scan.report.file}" />
      <arg value="--reporter=json:outfile=${scan.report.json.file}" />
    </exec>

    <exec executable="/usr/bin/unzip" failonerror="true" >
      <arg path="${scan.report.html.file}" />
      <arg value="-d" />
      <arg path="${basedir}/reports/html" />
    </exec>

  </target>

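  <!-- Default target: run the scan, then render the reports. -->
  <target name="build" depends="full-scan-members-area,generate-reports"
          description="Run the scan and generate the reports" />

</project>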
 


An Ant build file example (run by Jenkins, Linux env)
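
To let the scan results decide whether the Jenkins job passes, here is an added example (not part of the post above and not Arachni's own code): a Python gate run on the JSON file written to scan.report.json.file. It assumes the report has a top-level "issues" list whose entries carry "name", "severity" and "vector.url"; the function names are hypothetical and the sample report is constructed.

```python
import json
import sys

# Severity names from least to most serious (assumed report values).
LEVELS = ["informational", "low", "medium", "high"]

# Constructed sample shaped like the assumed report layout; not real scan output.
SAMPLE_REPORT = {"issues": [
    {"name": "Cross-Site Scripting (XSS)", "severity": "high",
     "vector": {"url": "http://pen-test.testing.jenkins/search"}},
    {"name": "Interesting response", "severity": "informational",
     "vector": {"url": "http://pen-test.testing.jenkins/"}},
]}


def blocking_issues(report, threshold="medium"):
    """Return (severity, name, url) for each issue at or above threshold."""
    if not isinstance(report, dict) or not isinstance(report.get("issues"), list):
        raise ValueError("report has no 'issues' list")
    floor = LEVELS.index(threshold)  # ValueError on a bad threshold
    found = []
    for issue in report["issues"]:
        issue = issue if isinstance(issue, dict) else {}
        severity = str(issue.get("severity", "")).lower()
        # Unknown or missing severity ranks above "high", so it blocks.
        rank = LEVELS.index(severity) if severity in LEVELS else len(LEVELS)
        if rank >= floor:
            url = (issue.get("vector") or {}).get("url", "?")
            found.append((severity or "unknown", issue.get("name", "?"), url))
    return found


def gate(path, threshold="medium"):
    """Exit code for CI: 0 pass, 1 blocking findings, 2 unusable report."""
    try:
        with open(path, encoding="utf-8") as handle:
            issues = blocking_issues(json.load(handle), threshold)
    except (OSError, ValueError) as exc:  # includes json.JSONDecodeError
        print(f"pen-test gate: cannot use {path}: {exc}", file=sys.stderr)
        return 2
    for severity, name, url in issues:
        print(f"[{severity}] {name} at {url}")
    return 1 if issues else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(gate(*sys.argv[1:3]))
    print(blocking_issues(SAMPLE_REPORT))  # demo on the constructed sample
```

A missing, truncated or unexpectedly shaped report returns exit code 2 instead of passing, so an aborted scan cannot produce a green build.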
