A project, the server with PHP, no framework, the code is hosted on Bae, so security this piece has to do itself.
Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.
But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.
But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?
Or, are there any friends who can share some of their experiences in dealing with this kind of problem?
Reply content:
A project, the server with PHP, no framework, the code is hosted on Bae, so security this piece has to do itself.
Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.
But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.
But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?
Or, are there any friends who can share some of their experiences in dealing with this kind of problem?
360 Website Detection: http://webscan.360.cn/
and brother Bird's taint expansion: Http://pecl.php.net/package/taint
Say to your leader, use dark clouds to test: http://test.wooyun.org