Testing Web Application Security Vulnerabilities

Many companies use CMS software, which is regularly updated, often with security fixes, implying that the previous version has security vulnerabilities. But most customers never update it, or the CMS has even been changed, so updating would break the site. Are there sites that document these exploits and instruct how to test for them? Or is this information not even published (so that people do not try to use them)?

Also, is there a generic PHP / JS based checklist to prevent hacking attempts? I know about SQL injection and XSS, but I'm sure there are more threats.

Peace

+5
2 answers

There are sites that catalog all of these vulnerabilities, such as:

  • SecurityFocus
  • milw0rm
  • packetstormsecurity

A basic checklist for web apps can be found at OWASP, which is a very common checklist.

http://www.owasp.org/index.php/Top_10_2010-Main

+3

SQL injections and XSS attacks are solved by analyzing all the information that gets into your code (adds, removes "tags", etc.). The magic emulation quotes and register_globals have disabled issues from my point of view. Be careful: I don't know exactly when, but magic_quotes will be deprecated, so do not count on it.

? , . , , , / . , , : index.php? Page = images & action = delete & id = 2, . " " - . , .

, . FTP-, (IFrame- ), .

: , SQL- XSS, , , ( , , , /, ). , , , - .


+3
