Page 1 of 1

Seeking Security Testers

Posted: Wed Aug 31, 2005 1:38 pm
by blacksnday
Hello all!
I am in the process of writing a news posting type script
and have finally created the basic framework for it.

I have attempted to block many security holes such as
XSS/HTML/JAVASCRIPT/etc... and all seems good so far.

This is where I would like testers to see if they can exploit my script
then report back here what was or wasn't successful.
The only way I can think of that my script can be exploited right now
is from the submit forms, which I have done my best to protect.
There might be areas I have overlooked though.

You can view the dev site of my script at
http://www.vilificnews.info/

and can test the demo located at
http://www.vilificnews.info/dev

Thanks for the help :)

Posted: Sun Sep 04, 2005 5:09 pm
by Ashiro
I'm not willing to perform any tests on a site without some further guaruntee its your site otherwise my legal standing is weak.

What I will tell you however, is this: Your 'bash' formatting box/layer hangs over the comment box obscurring it. This happens in Firefox but not in IE. I suggest making the formatting correct in both browsers before bothering with 'security'.

Posted: Sun Sep 04, 2005 5:31 pm
by blacksnday
Could you attach a SS of how it looks in your browser?
On my comp everything looks fine in FF.

Also, is your Screen resolution at 1024x768?
What OS are you using?
At the top of all pages I have that little notice about screen resolution.

I have tested with different screen resolutions in IE and FF
and all has looked well enough for me on my comp.
I can only test from an Windows XP OS, and don't plan on
testing for Mac/other OS at this time.
If I can find supporters who use MAC or other client end OS
then I would be able to fully support those problems.

I am more concerned about code right now then I am with layout.
Eventually I will make sure all divs can adjust with most
screen resolutions.

I am not sure how to 'prove' I own the site, but you can send
an email to support at vilificnews.info.

Searh my name on these forums and you will see
all my posts so far have been about code for the above named website.

Re: Seeking Security Testers

Posted: Sun Sep 04, 2005 7:06 pm
by Roja
blacksnday wrote: This is where I would like testers to see if they can exploit my script
then report back here what was or wasn't successful.
Doing so is illegal in the US.

Accessing computer networks without permission (written), launching attacks across networks, and more are all Federal Offenses.

Even requesting such can fall under crime laws.

I understand that we'd all like the world to be a nice friendly place, but the reality is that people can go to jail trying to be "nice" - thanks to the laws.

If you want security testing done, please - hire someone with the experience to know how to perform the tests locally, avoiding legal issues.

In the alternative, you can always post code here, and we can test THAT, avoiding any legal issues for attacks.

Posted: Sun Sep 04, 2005 7:31 pm
by blacksnday
i see scripts having testers all the time.

anyways, your right.. forums dedicated to the development of php scripts is not
the best place to seek security related tests.

I stand corrected.

I will just use my sourceforge account and my projects website to seek
help. Thats the best place anyways, since then there can be no issues regarding
who owns and who doesnt.