How to find a resource: Security Audit

Posted: Thu Nov 16, 2006 12:45 pm
by maxd
Our small company has been building Web sites for 9 years, but only in the past 2 have we started using PHP and MySQL. Most of our sites were static HTML, then ColdFusion. Increasingly, we are using PHP.

I am at best an amateur PHP developer, and while my business partner is an expert programmer, his specialty is multimedia, so Lingo is his area of expertise. I frequently post to this board and receive excellent assistance from the community of developers here. It has occurred to me recently, based on the responses to a couple of my questions, that the code I am creating may well be...er...inadequate. :oops: Especially when it comes to security.

I'm wondering if anyone has recommendations for finding reliable, expert assistance, paid, to provide audit services for some of our development projects. Our clients have gotten bigger, and I'm increasingly concerned about the possibility of these larger targets attracting unwanted attention, and my code being well below standards for protecting our clients from embarrassment/catastrophe. 8O

I tried finding a PHP Users Group in Denver (where we're located), but there doesn't seem to be a lot out there.

Thanks for your input.

Posted: Thu Nov 16, 2006 1:28 pm
by RobertGonzalez
You could always post in Job Hunt that you are looking for a PHP Security Consultant/Analyst. There are plenty of people around here that have a knack for Security (to me that would most noticeably be Maugrim the Reaper), but there are others that are really expert level PHP Security gurus.

Posted: Thu Nov 16, 2006 1:37 pm
by maxd
RobertGonzalez wrote:You could always post in Job Hunt that you are looking for a PHP Security Consultant/Analyst. There are plenty of people around here that have a knack for Security
I was just browsing through the jobs forum, contemplating the same idea.

I guess what I was hoping was, someone would say "Oh, what about XYZ? He/she/they/it lives in Colorado!" For whatever reason, I'm hoping to find a local resource. Very old-fashioned of me, I know. I feel a bit strange turning over the keys to a couple of these sites to someone I've never met. No offense meant to anyone! :P

Perhaps we will post in the Jobs forum. I'll discuss with my partner.

Thanks!
max

Posted: Thu Nov 16, 2006 1:47 pm
by timvw
I find that a bit odd since I don't know very many script kiddies that think: hey, he lives in the same area... ;)

Posted: Thu Nov 16, 2006 1:55 pm
by RobertGonzalez
maxd wrote:I feel a bit strange turning over the keys to a couple of these sites to someone I've never met. No offense meant to anyone! :P
No offense taken (I'd hope by anyone). It is perfectly understandable. At some point, however, you are going to have to turn it over to someone that you may not know, so keep that in mind as well. Of course, ultimately you are the decision maker when it comes down to turning it over at all, but it is always a good idea to have someone review your code before pushing it live.

Posted: Thu Nov 16, 2006 2:34 pm
by maxd
timvw wrote:I find that a bit odd since I don't know very many script kiddies that think: hey, he lives in the same area.
Certainly, that was wishful thinking.