[PHP] Free penetration test: my 2¢
Hi all,

I would like to thank everybody for helping me.

Quite honestly, I didn't even remark the referral id. I guess that's because if you're looking at links all day long, you kinda block certain things. Like seeing only the hostname part of URLs.

Secondly, as far as I am concerned, no harm's done since I specifically asked for free (as in price), I wasn't planning on signing up for any paid service at all. So like someone said, 35% of nothing is still nothing, right? Except, some sites give a (small) buck on referrals regardless of signing up.

Thirdly, despite what I said previously, which was said after a very long day, and where I was very tired and confusing heads for tails, I do find that anyone who gives a link, and adds a referral id to it, “should” add a disclaimer to the message stating their affiliation.

Being shy for money myself, I can understand that someone will take any and all opportunity to make an extra buck, but doing it this way is not very honest. Show your professionalism, add that disclaimer, people will respect you more for it.

Thank you all for your help and thank you PHP! Keep up the good work.

With kind regards
Andy Pieters
Straight-A-Software

--
Registered Linux User Number 379093
--
--BEGIN GEEK CODE BLOCK-
Version: 3.1
GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C$(+++) UL>$ P-(+)>++
L+++>$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V--
PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv
b-() DI(+) D+(+++) G(+) e>$@ h++(*) r-->++ y--()>
---END GEEK CODE BLOCK--
--
Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary:
http://www.vlaamse-kern.com/sas/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Free penetration test
Chris Shiflett wrote:
> Andy Pieters wrote:
>> I am looking at where I can get my system tested for penetration.
>
> [ snip ]
>
> You might want to check out the links Christophe mentioned, as these provide free advice, which seems to be more along the lines of what you want.

I recently stumbled onto Open Web Application Security Project [ www.owasp.org ]. Although not PHP-specific, they have some good stuff wrt securing web applications. They also have some php functions for sanitizing data, but the real good stuff is in their guides. Might be worth a click.

Oh and Chris -- I loved your PHP Security writeup that you had posted on your website a while back. Keep up the good work.

Regards,
Burhan
Re: [PHP] Free penetration test
Andy Pieters wrote:
> I am looking at where I can get my system tested for penetration.

We offer penetration testing at Brain Bulb, but I always try to convince clients to let us perform a security audit instead. Auditing the code allows us to be much more productive and thorough, plus we can identify theoretical weaknesses in addition to the practical ones.

In addition to being less useful, penetration testing tends to be much more expensive, because it requires more time and effort. The only reason we offer the service is that some companies are uncomfortable sharing their code with anyone, regardless of NDAs and such.

You might want to check out the links Christophe mentioned, as these provide free advice, which seems to be more along the lines of what you want.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
Re: [PHP] Free penetration test
Gee, I wonder why this one ended up in my spam folder. ;)

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
Re: [PHP] Free penetration test
Andy Pieters wrote:
> I am looking at where I can get my system tested for penetration.

Probably on the world "wild" web :-)

More seriously, there are companies doing that, but it can be expensive.

> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/
>
> It is actually a kind of CMS system so if someone gets in, create a page with
> the cms as proof.

You'll get only a few basic checks if you give only that URL. Ex: check if special input doesn't lead to useful display of errors, or if .htaccess can't be simply retrieved, etc.

To get a better sense of security, it's best to show the code (or at least the relevant parts): security through obscurity isn't the best idea, as you probably know.

Of course, if you can't provide the code for various reasons, you can audit the code yourself, after reading some documentation about (PHP) security. Some links below can help you.

Christophe

PHP Manual -- IV. Security
http://www.php.net/manual/en/security.php

PHP Security Guide
http://phpsec.org/projects/guide/

PHPSec Library
http://phpsec.org/library/
[PHP] Free penetration test
Hi all,

I am looking at where I can get my system tested for penetration.

In case someone here would like to have a go, this is the URL:

http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/

It is actually a kind of CMS system so if someone gets in, create a page with the cms as proof.

Kind regards
Andy