4 replies to this topic

[Swerve]

I'm just creating an eCommerce site from scratch using PHP/MySQL and I'm doing my best to cover all angles, but I'm not to knowledgeable about cracking.

I'm not too worried about vulnerabilities on the server as it's with a large well known hosting company, so I hope they've got that side of things covered, but with regards to my app I might well of made some mistakes.

Can anyone recommend some tools I can use against the site to test for vulnerabilities?

I'm running it on a LAMP stack on localhost at present, so if I could run the tests whilst it's hosted on that it would be nice.

Don't mind what OS, just looking for advice/tips really.

Thanks a lot

[redshift]

Though web app pen-testing is not my strong point I do know you can use burp suite. The professional version has some really good automating tools to use to show the flaws within you site. The professional version will set you back about 300 USD.

They also have a free version, but it does not exactly have everything you are looking for.
Here is a link to Burp.

[serrath]

XSS Me firefox addon

[Swerve]

Thanks guys, some good ones there, will give them a blast over the next week or so once the codings been completed.

Appreciated.

[TheFunk]

You could try WebScarab.

WebScarab

There's a getting started page here

Getting Started

Good luck and may the force be with you!