How to test if your site is really secure? - Webmaster Forums - Webmaster forum for HTML, PHP, ASP, CSS and more

RTrev · 02-18-2007, 06:54 PM

I've got a new 1&1 site, and being a complete newbie I'm not sure how to go about finding out if the basic security measures I've put in place are sufficient.

Are the any inexpensive services which will examine a site and look for vulnerabilities?

Are there any folks who would do this just for the fun of it?

I have a couple directories which are password protected via .htaccess, and I have one where I'm working on a project that people can access via SSL but I want to make sure nobody can obtain the .php files in that directory.

Anybody have any suggestions how to test my security?

Thanks,
Bob

tahera · 03-16-2007, 05:57 AM

Try infoLock Technologies - Insider Threat Management Experts

it maybe of ur help!!

RTrev · 03-16-2007, 07:12 AM

Quote:

Originally Posted by tahera

Try infoLock Technologies - Insider Threat Management Experts

it maybe of ur help!!

I'll check them out. Thanks!

Web · 03-16-2007, 07:49 AM

Please let me know how it works. I'm interested in the same services and would like to know if you're pleased with them

RTrev · 03-16-2007, 08:05 AM

Quote:

Originally Posted by Web

Please let me know how it works. I'm interested in the same services and would like to know if you're pleased with them

Well, from an initial read of the site, they seem to be exclusively focused on *internal* risks, such as users plugging in their USB dongles, etc. I don't see anything about evaluation of *external* threats.

The kinds of things I'm wanting to know include:

- Can a spybot or person access private data in directories which are locked via .htaccess and .htpasswd ?

- Is it really true that there's no way to access my PHP code?

- Am I vulnerable to anything in particular which I should know about due to my web host running older versions of software which have later been patched for security holes?

It's that sort of assessment that a newbie could really benefit from, and that I would want answers to before putting anything very substancial on the site.

Web · 03-17-2007, 07:29 AM

I had the same philosophy before inplementing any form actions on my sites. I asked such questions in endless forums and came to the conclusion that there are a very small amount of hackers out there who probably can hack your site irrespective of your security precautions - thus security at best is a plan of quick response after the intrusion has been detected - but you'll probably be asking around for years before you find such a person with such supreme security/hacking knowledge.

if you have due money or necessary determination, try reading this and contacting the author: Web Security with PHP

RTrev · 03-17-2007, 11:19 AM

Quote:

Originally Posted by Web

I had the same philosophy before inplementing any form actions on my sites. I asked such questions in endless forums and came to the conclusion that there are a very small amount of hackers out there who probably can hack your site irrespective of your security precautions - thus security at best is a plan of quick response after the intrusion has been detected - but you'll probably be asking around for years before you find such a person with such supreme security/hacking knowledge.

if you have due money or necessary determination, try reading this and contacting the author: Web Security with PHP

Hopefully those elite hackers will find bigger fish to go after than my little site.

Thanks, I'll go check out that link.

Bob