Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Has anybody ever heard of HackerSafe? I see this seal all over the place, and to me it seems like a crock of crap. Do these people actually test your site for hacker... "safe-ness"? I have a feeling they do some automated checks and then issue you a seal. Whenever I see this seal I just feel like hacking that site just to spite the stupid seal.
EDIT: Theory confirmed:
Web application testing is the third phase of ScanAlert's daily security audit, and perhaps the most important. According to analyst firm Gartner Group, an estimated 70% of all security breaches today are due to vulnerabilities within the web application layer. Traditional security mechanisms such as firewalls and IDSs provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs and other scripts, and default installed files. The web site is then "deep crawled," including Flash-embedded links and password-protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection. Both generic and software-specific tests are performed in order to uncover misconfigurations and coding error vulnerabilities.
Last edited by Luke on Thu May 31, 2007 11:28 am, edited 1 time in total.
I say the best way to prove that your site is "hacker-safe" is to anger a hacker. Take his girlfriend... Make fun of him on his hacking forum... Taunt him with things like "You couldn't hack my site if you tried!" and "I have my credit card information hidden in one of my SQL tables!"
Then, after he hacks it, he'll give you a permanent "Not-Hacker-Safe" sticker.
Ninja, that's twice you've used that spany smilie today. Makes me wonder...
Anyway, their site is garbage, their services are garbage, but they have a pretty seal. Of course, anyone can get one with a right mouse click, so I suppose it isn't that cool, but it might make a hacker think twice about skipping your site, so I guess it is worth the money.