I'm looking for some advice on how to get one of my sites security tested. I've spent a few days reading through sites found via Google, but without much luck. I'm hoping some of you here might be of better help.
The site in question is quite big/complex. It is a fully custom-built (PHP/MySQL) social network consisting of user profiles, blogs and all the other usual stuff.
What I want is for it to be tested before it goes live to assess and eliminate security vulnerabilities such as:
- Cross Site Scripting (XSS)
- Injection Flaws/SQL Injection
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
From my research I understand this can be done manually or some companies use automated scripts to test against these things.
- What would you advise?
- What other areas of security should I be concerned with?
- Any particular resources I can read/look at to get more information?
- Do you know of companies that offer this service?
- And finally, what kind of prices would I be looking at for this kind of service?
Thanks in advance.