Suggestions for "Torture Testing" a Membership site

mywebwork · 09-08-2009, 06:23 PM

Hi

A friend of mine has asked me to try and "attack" his membership site for the purposes of seeing if I can do it and thus expose any security holes he may have overlooked.

I'm a developer and programmer but not a hacker! I have written code to prevent common attacks like SQL injections and I have worked with encrypted data but I really don't know where to begin with this. But it is an interesting challenge, especially as I have a site of my own that I'd like to test as well!

I don't want to delve to deeply into the "dark" side of the web and the last thing I want to do is have this post become a repository of hackers tricks! What I was wondering was if anyone had any suggestions as to any standard tests that I could perform to see if he has all the basics covered?

Thanks

Bill

mywebwork · 09-09-2009, 06:57 AM

I believe that this is the first time I answered my own question - got a link from someone on Blellow that is an example of what I was looking for.

SQL Injection – How to Test Web Applications against SQL Injection Attacks

Actually this whole website is devoted to testing and evaluating software, so there are a lot of good resources for security testing here (although it's not exclusively for web sites & applications, it also covers desktop and server software).

Another good article I found here was this:

An approach for Security Testing of Web Applications

Again, if anyone else has a similar resource I'd love to know about it - anything that can help find (and eliminate) vunerabilities on our sites is a valuable resourse beyond this one project.

Thanks

Bill

lisag · 09-10-2009, 10:15 PM

WDVL: Securing PHP Web Applications - Introduction to Exploit Testing

09-08-2009, 06:23 PM	#1
mywebwork Senior Warrior Member War Room Member Join Date: Sep 2008 Location: Honolulu, Hawaii, USA & Montreal Canada Posts: 2,218 Blog Entries: 1 Thanks: 759 Thanked 724 Times in 505 Posts	Suggestions for "Torture Testing" a Membership site Hi A friend of mine has asked me to try and "attack" his membership site for the purposes of seeing if I can do it and thus expose any security holes he may have overlooked. I'm a developer and programmer but not a hacker! I have written code to prevent common attacks like SQL injections and I have worked with encrypted data but I really don't know where to begin with this. But it is an interesting challenge, especially as I have a site of my own that I'd like to test as well! I don't want to delve to deeply into the "dark" side of the web and the last thing I want to do is have this post become a repository of hackers tricks! What I was wondering was if anyone had any suggestions as to any standard tests that I could perform to see if he has all the basics covered? Thanks Bill

09-09-2009, 06:57 AM	#2
mywebwork Senior Warrior Member War Room Member Join Date: Sep 2008 Location: Honolulu, Hawaii, USA & Montreal Canada Posts: 2,218 Blog Entries: 1 Thanks: 759 Thanked 724 Times in 505 Posts	Re: Suggestions for "Torture Testing" a Membership site I believe that this is the first time I answered my own question - got a link from someone on Blellow that is an example of what I was looking for. SQL Injection – How to Test Web Applications against SQL Injection Attacks Actually this whole website is devoted to testing and evaluating software, so there are a lot of good resources for security testing here (although it's not exclusively for web sites & applications, it also covers desktop and server software). Another good article I found here was this: An approach for Security Testing of Web Applications Again, if anyone else has a similar resource I'd love to know about it - anything that can help find (and eliminate) vunerabilities on our sites is a valuable resourse beyond this one project. Thanks Bill

09-10-2009, 10:15 PM	#3
lisag Lisa Dozois War Room Member Join Date: Jan 2006 Location: Florida, USA. Posts: 612 Thanks: 85 Thanked 221 Times in 110 Posts Social Networking	Re: Suggestions for "Torture Testing" a Membership site WDVL: Securing PHP Web Applications - Introduction to Exploit Testing
	-- Lisa G