  1. #1
    dakine

    Login Strength Test Methods? Try and Break it...

    Does anyone have a list of things to try and see if the login will break?

    I know there is a handful of SQL things, like escaping the string, but is there anything else?

    Maybe something to mess with the session?? I want to know that my sites are safe.

    Thanks,
    Mark

  2. #2
    kromey
    Things to Google for to learn more about:
    SQL Injection (validate or escape all user input before inserting into SQL; better would be to use PDO)
    Session hijacking (much debate on how to counter it; search this forum for countless debates on the topic)
    XSS (only applies when displaying user input; use htmlspecialchars to avoid)
    Brute force attacks (again much debate on how to counter; the only consensus seems to be that you can't rely on sessions to count login attempts)

    That should be enough to get you started.
    PHP questions? RTFM
    MySQL questions? RTFM
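
The four items in the list above, combined in one PHP login routine, as an added example that is not part of the original thread. The in-memory SQLite database, table names, sample user and lockout limits are all assumptions made for illustration.

```php
<?php
// Added example; schema, names and limits are assumptions, not from the thread.
const MAX_FAILS = 5;      // assumed lockout threshold
const WINDOW_SECS = 900;  // assumed counting window (15 minutes)

function make_db(): PDO {
    // In-memory SQLite so the example runs offline; the sample user is constructed.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)');
    $db->exec('CREATE TABLE login_failures (name TEXT, at INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function login(PDO $db, string $name, string $password): bool {
    // Brute force: count failures in the database, keyed by account, because a
    // client can discard its session cookie and so reset any session-based counter.
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE name = ? AND at > ?');
    $q->execute([$name, time() - WINDOW_SECS]);
    if ((int)$q->fetchColumn() >= MAX_FAILS) {
        return false; // locked out until old failures age out of the window
    }
    // SQL injection: placeholders keep user input out of the SQL text entirely.
    $q = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        $db->prepare('INSERT INTO login_failures VALUES (?, ?)')->execute([$name, time()]);
        return false;
    }
    // Session hijacking/fixation: issue a fresh session ID when privileges change.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['user'] = $name;
    }
    return true;
}

$db = make_db();
// A quote in the name is bound as data and does not alter the query.
var_dump(login($db, "o'brien", 'correct horse'));
for ($i = 0; $i < MAX_FAILS; $i++) { login($db, "o'brien", 'wrong'); }
// After MAX_FAILS failures even the right password is refused for the window.
var_dump(login($db, "o'brien", 'correct horse'));
// XSS: encode user input whenever it is echoed back into HTML.
echo htmlspecialchars('<b>o\'brien</b> & "co"', ENT_QUOTES, 'UTF-8'), "\n";
```

Counting per account lets anyone who knows a user name lock that user out; counting per source address or adding a growing delay are common variations on the same server-side counter.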

  3. #3
    dakine
    Cheers Kromey

  4. #4
    Cups
    Bookmark and read the scary XSS cheat sheet.

  5. #5
    tbakerisageek
    If you were truly interested in security you could always use http://www.scanalert.com/ Scan Alert's Hacker safe. They test daily and allow you to display a badge on your site upon the successful security test.

