  1. #1
    SitePoint Evangelist ashattuc's Avatar

    Who to hire to test security of php site?

    Hello,

    Are there firms out there that will actively try to crack a php-based site as a service? I'd love to know if I could hire someone to test out a couple of my sites for at least the most common security vulnerabilities.

    Thanks!
    Chris
    Chris S.

    Free Web Scripts - Form generators, AJAX tools and more!
    Micro CMS - A totally free AJAX-based, SEO-ed CMS!

  2. #2
    SitePoint Evangelist superuser2's Avatar
    A real actual person thinking creatively and putting in effort is going to cost $$$$$$. Most "web security" companies/consultants use a web scanner:

    http://www.acunetix.com/

    https://chorizo-scanner.com/

    To name a couple.

  3. #3
    SitePoint Wizard HarryR's Avatar
    Personally I think Acunetix is a sub-par product, whereas Chorizo scanner isn't very useful from a blind perspective.

    Although the automated scanners can be useful (as an initial discovery and spidering utility), eventually it comes down to a real person manually going through the website and analysing possible problems.

    But yah, it costs a lot of money to do this sort of thing because 1) it's time consuming and 2) because the skill level required is high.

    I could probably offer to go through a couple of your sites, but I'm not a full time security consultant, so although my PHP & general security knowledge may be up to scratch - it just wouldn't compare to what's offered by the professional security consultants.

  4. #4
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Security isn't something that you apply as a separate layer, on top of the application; it's part of the application design, and as such not something you can specialise in. Basically, you need a competent programmer to go through the code, and look for issues.

  5. #5
    Who turned the lights out !! Mandes's Avatar
    Quote: Originally Posted by kyberfabrikken
    Basically, you need a competent programmer to go through the code, and look for issues.
    ....... and we're back to spending money again.....
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  6. #6
    SitePoint Evangelist superuser2's Avatar
    What about something like the hack-a-mac challenge? Put up a reward for someone who can steal admin access and then tell you how they did it.

    Although I don't know what your webhost would say to that, so I'm not sure.

  7. #7
    SitePoint Evangelist ashattuc's Avatar
    Good call, superuser2! That's exactly the kind of idea I was looking for. Mad props!

    Thanks!
    Chris
    Chris S.


