Login/Register
Testing against hacking attempts
Asked Answered
Solved phphtmlsecuritycracking
A

6

5

I want to make sure my site is protected against hacking attempts and I think the best way to test is to try and hack my site myself. What sort of things do hackers do to try and hack my site?

E.g.,

Test - they might put javascript in a input field e.g.,

<“open javascript tag">window.location = “www.somewhereelse.com”;<“end javascript tag”>

Protection - Use php htmlentities function before displaying data.

What other things can I test against to make sure my site is safe?

Asphyxiate answered 6/6, 2011 at 8:30 Comment(2)
No publicly accessible website is 100% safe. As long as it's online, it could be hacked one way or the other.Odel
Your web site could be 101% secure, but what about a 0day (web/ftp) server exploit? you're done.Earthling
L
6

You will find an extensive list of attacks here: https://www.owasp.org/index.php/Category:Attack

Lashelllasher answered 6/6, 2011 at 8:33 Comment(0)
B
1

The best choice is to use a vulnerability scanner. I can recommend Acunetix, on Windows, nikto2 - cross platform and free, nessus - i would say the leader.

Blevins answered 21/6, 2011 at 8:11 Comment(0)
V
0

There are companies that specialise purely in "Penetration Testing" which use a variety of manual and automated techniques to test your application - it'd be a huge task to learn the techniques and do it yourself.

However, you could have a look at the biggies yourself: Cross-Site-Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF) etc. A bit of a Google should get you all the information you need on those.

Vagabondage answered 6/6, 2011 at 8:35 Comment(0)
G
0

Since I understand that you have no any attacking (aka... defending) knowledge, the best solution in your case is to use some automatic vulnerability scanners.

For Windows I can suggest Nessus is a very good solution and free, if you obtain a Nessus Home activation code first.

Also, Acunetix is a very nice solution (maybe the best commercial out there) that has a free edition too.

Last (but not least) a very good and reliable source you can find here!

Gareth answered 21/4, 2015 at 20:11 Comment(0)
L
0

Have a look on this Hack This Site

There is lot of challenges where you will learn what you are asking for.

Logan answered 28/10, 2016 at 16:33 Comment(0)
J
0

I think the best way for you to go is to run a vulnerability scan against your website. There are numerous ways hackers can get into your website much of will be Social-Engineering, exploiting unpatched Software. so make sure to update your website as soon as possible each time there is a patch released.

I will recommend you ask a hacker who does not know your personally to try to hack your website.

Joejoeann answered 9/12, 2017 at 10:58 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.