How to detect the security of a website

Source: Internet
Author: User
Tags taint
A project, the server with PHP, no framework, the code is hosted on Bae, so security this piece has to do itself.

Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.

But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.

But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?

Or, are there any friends who can share some of their experiences in dealing with this kind of problem?

Reply content:

A project, the server with PHP, no framework, the code is hosted on Bae, so security this piece has to do itself.

Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.

But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.

But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?

Or, are there any friends who can share some of their experiences in dealing with this kind of problem?

360 Website Detection: http://webscan.360.cn/
and brother Bird's taint expansion: Http://pecl.php.net/package/taint

Say to your leader, use dark clouds to test: http://test.wooyun.org

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.