
Server / APP security check?

Is there a website/service for checking an online app?


explorador

4:24 am on Jan 3, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hi there webmasters, just curious: there are online services (free webapps) for checking the speed of your website, valid HTML, mobile friendliness, etc.

But is there a service for checking your webapp?

Like signing up and then adding your URL to a "shoot at it" list? Like a bot that will try to attack your forms, input info in query strings, GET, POST, etc.?

lammert

9:52 am on Jan 4, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



There are paid and free services to do this which you can find through Google by searching on terms like "server security scan", but I haven't used them, so I can't say anything about them from my own experience.

What these tools do is shoot at commonly known security holes, but I doubt most will be able to find system design or programming flaws in custom-made site software. A peer review of the source code may be more helpful for that.

mack

2:11 pm on Jan 4, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I agree. The web-based tools will probably work for known flaws with scripts that they are aware of. If your script is custom or modified in any way, the chances are you will be wasting your time, and perhaps providing yourself with false optimism.

There are also Firefox and Chrome extensions that are designed to try and find SQL injection weaknesses in forms and GET method requests. I have experimented with a few of these, and they didn't find any flaws. Not sure how accurate that is though; perhaps I'm giving myself false optimism as well?

Mack.

explorador

9:43 pm on Jan 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thanks for the info. Yes, it's all custom-made, so most (all, I guess/wish) standard risks are already covered. Will keep on checking.