Correct TK for checking the site for vulnerabilities or maybe there are special offices that do this?

R

Radmir2015-06-28 14:01:17

PHP

Radmir, 2015-06-28 14:01:17

One of our sites was recently hacked and placed in the root folder with php code that placed sape links on the site (at least I tried)
Tell me how to make the right technical specification (maybe a list of vulnerabilities) for which you need to check the site, and if possible fix them.
Or maybe there are already some special offices (tested) that can point out security holes and suggest how to fix them.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

C

cthulhudx, 2015-06-28
@RadmirZ

Order penetration testing
If you have sufficient qualifications in the field of information security, you can independently test your server using metasploit.

S

sim3x, 2015-06-28
@sim3x

write the correct TOR

you can not limit the pentester - so he will not find holes. The only restriction should be that no data should be destroyed during validation. Moreover, the customer must himself strengthen the creation of backups.
Unfortunately, there is no white-hat culture in Russia now. So any bug can leak with a non-zero probability.
Therefore, it is better to build a search for a specialist through some person with a reputation.
You can, for example, rummage through the hub and ask them for advice and contacts.
It should be taken into account that the time of specialists will be expensive. And perhaps it's easier to rummage around and remove sqli, xss, ...

A

Artem, 2015-06-28
@ulkoart

click - here you can order a check with all the consequences.

A

Arris, 2015-06-28
@Arris

Manul