Testing against hacking attempts

I want to make sure that my site is protected from hacking attempts, and I believe that the best way to check is to try to hack my site myself. What things do hackers do to try to hack my site?

For instance,

Test - they can put JavaScript in the input field, for example,

<"open javascript tag">window.location = "www.somewhereelse.com";<"end javascript tag">

Protection - Use the PHP htmlentities function before displaying data.

What other things can I check to make sure my site is safe?

+6
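A regression check for the Test/Protection pair in the question, as an added example that is not part of the original post. The function names `e` and `safe_href` and all sample inputs are constructed for illustration; it also covers two contexts the question does not mention (single-quoted attributes and link URLs), where calling `htmlentities` with default arguments is not enough.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Encode untrusted text for an HTML body or quoted-attribute context.
function e(string $s): string {
    // ENT_QUOTES also encodes ' (not done by default before PHP 8.1).
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Entity encoding does not make a URL safe: allow only http(s) links.
function safe_href(string $url): string {
    $scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

// Constructed sample inputs: the redirect from the question plus two variants.
$cases = [
    'script tag'      => '<script>window.location = "www.somewhereelse.com";</script>',
    'attribute break' => "' onmouseover='window.location=\"www.somewhereelse.com\"",
    'ampersand text'  => 'Tom & Jerry <3',
];

$failed = 0;
foreach ($cases as $name => $input) {
    $out = e($input);
    // After encoding, no raw markup or quote characters may remain.
    $ok = strpbrk($out, "<>\"'") === false;
    printf("%-16s %s  %s\n", $name, $ok ? 'PASS' : 'FAIL', $out);
    $failed += $ok ? 0 : 1;
}

// URL context: the scheme check, not the encoding, is what rejects this value.
$links = ['https://example.com/?a=1&b=2' => true, 'javascript:alert(1)' => false];
foreach ($links as $url => $allowed) {
    $ok = (safe_href($url) !== '#') === $allowed;
    printf("%-16s %s  %s\n", 'href', $ok ? 'PASS' : 'FAIL', safe_href($url));
    $failed += $ok ? 0 : 1;
}

exit($failed === 0 ? 0 : 1);
```

The script exits non-zero if any case fails, so it can run from the command line as part of a deployment check.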
7 answers

Here you will find an extensive list of attacks: https://www.owasp.org/index.php/Category:Attack

+6

The most common thing you should protect is MySQL injection. Just create a function that pre-checks each mysql_query.

Here is a cheat sheet of what might go wrong.

+3

The best choice is to use a vulnerability scanner. I can recommend Acunetix on Windows; nikto2 is cross-platform and free; Nessus is, I would say, a leader.

+1

There are companies that specialize exclusively in penetration testing, which uses a variety of manual and automated methods to test your application. It would be a huge task to learn the methods and do it yourself.

However, you could take a look yourself at: Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), etc. A few Google searches should get you all the information you need on those.

0

Since I understand that you do not have any attacking (aka ... defensive) knowledge, the best solution in your case is to use some automatic vulnerability scanners.

For Windows, I can offer Nessus - a very good solution, and free if you get the Nessus Home activation code.

In addition, Acunetix is a very pleasant solution (perhaps the best commercial), which has a free version.

Last (but not least), a very good and reliable source you can find here!

0

Look at this: Hack This Site.

There are many problems when you find out what you are asking for.

0

I think the best way for you is to run a vulnerability scan on your website. There are many ways hackers can get to your site, and many of them will be Social-Engineering using untrusted software. Therefore, be sure to update your site as soon as possible every time a patch is released.

I will recommend you ask a hacker who does not know your personal identity to try to hack your site.

0

Source: https://habr.com/ru/post/889850/

