Where to start testing my site for vulnerabilities

Forum Moderators: coopster

Message Too Old, No Replies

Where to start testing my site for vulnerabilities

rioroccoroma

5:30 pm on Apr 14, 2008 (gmt 0)

Can anyone point out what this article is referring to? They seem to talk about it without actually describing it.

[news.bbc.co.uk...]

jatar_k

7:34 pm on Apr 14, 2008 (gmt 0)

The attack that a malicious hacker can carry out via these web code vulnerabilities is known as cross-site scripting (abbreviated as XSS).

rioroccoroma

8:14 pm on Apr 14, 2008 (gmt 0)

Yes - but what does that mean. The article refers to logins being hacked - can you explain to me how that would be done. I don't know where to start looking to figure out if my pages are vulnerable.

rioroccoroma

8:16 pm on Apr 14, 2008 (gmt 0)

Sorry - meant to add more. The article refers to Javascript but my logins are hanndled by PHP.

surrealillusions

8:42 pm on Apr 14, 2008 (gmt 0)

I think this bit gives you a clue.

Typically these involve lax control of the data being swapped between a web server and the browser program someone is using to interact with it.

So any type of login - especially server side languages that speak to the server like databases and that.

does that help at all?

rioroccoroma

8:57 pm on Apr 14, 2008 (gmt 0)

So it means SQL injection? I am already preventing that. I thought it might mean something else.

mattur

11:31 pm on Apr 14, 2008 (gmt 0)

Google is your friend: [google.com...]