Jun 26, 2007, 16:00 #1
Login Strength Test Methods? Try and Break it...
Does anyone have a list of things to try to see if the login will break?
I know there are a handful of SQL things like escaping the string, but is there anything else?
Maybe something to mess with the session? I want to know that my sites are safe.
Jun 26, 2007, 16:04 #2
Things to Google for to learn more about:
SQL Injection (validate or escape all user input before inserting into SQL; better would be to use PDO)
Session hijacking (much debate on how to counter it; search this forum for countless debates on the topic)
XSS (only applies when displaying user input; use htmlspecialchars to avoid)
Brute force attacks (again much debate on how to counter; the only consensus seems to be that you can't rely on sessions to count login attempts)
That should be enough to get you started.
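An added example, not part of the original post, that puts three of the points above into one login check: a PDO prepared statement for the lookup, failed attempts counted in the database instead of the session, and htmlspecialchars applied only when user input is written into HTML. The table names, the lockout policy constants and the attempt_login function are assumptions made for illustration, and an in-memory SQLite database (pdo_sqlite extension) stands in for the real one.

```php
<?php
// Constructed schema and data; in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE login_failures (name TEXT NOT NULL, ip TEXT NOT NULL, at INTEGER NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

const MAX_FAILURES = 5;      // assumed policy: failures allowed per window
const WINDOW_SECONDS = 900;  // assumed policy: 15 minute window

function attempt_login(PDO $db, string $name, string $password, string $ip): string
{
    // Failures are counted server-side, not in $_SESSION: a client that
    // discards its session cookie would otherwise reset the counter.
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE name = ? AND at > ?');
    $q->execute([$name, time() - WINDOW_SECONDS]);
    if ((int) $q->fetchColumn() >= MAX_FAILURES) {
        return 'locked';
    }
    // Bound parameter: the submitted name is never spliced into the SQL text.
    $q = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $hash = $q->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        return 'ok';
    }
    $db->prepare('INSERT INTO login_failures VALUES (?, ?, ?)')
       ->execute([$name, $ip, time()]);
    return 'denied';
}

// Constructed test inputs; the IP is from a documentation range.
$ip = '203.0.113.7';
echo attempt_login($db, "alice' --", 'x', $ip), "\n";          // name with SQL metacharacters
echo attempt_login($db, 'alice', 'correct horse', $ip), "\n";  // valid credentials
for ($i = 0; $i < MAX_FAILURES; $i++) {
    attempt_login($db, 'alice', 'wrong', $ip);                 // repeated wrong password
}
echo attempt_login($db, 'alice', 'correct horse', $ip), "\n";  // valid credentials after the failures
// Escape user input at output time, when it is placed into HTML.
echo htmlspecialchars("Welcome, <b>alice' --</b>", ENT_QUOTES, 'UTF-8'), "\n";
```

Counting per account, as done here, means anyone can lock a known user out for the length of the window; counting per IP or adding a delay instead of a hard lock are the usual variations.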
Jun 26, 2007, 16:19 #3
Jun 27, 2007, 00:29 #4
Jun 27, 2007, 11:40 #5
If you were truly interested in security you could always use http://www.scanalert.com/ Scan Alert's Hacker safe. They test daily and allow you to display a badge on your site upon the successful security test.