What is the web project security audit algorithm?

S

Sergey2014-02-04 15:38:21

Information Security

Sergey, 2014-02-04 15:38:21

Hello, I need to conduct a security audit of a web project, how can I do it? is there any algorithm of actions? Scanning ports and using x spider comes to mind, but I feel that this is complete garbage. What else do you need to know and do?
I would like a step-by-step algorithm, then I'll google it.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vlad Zhivotnev, 2014-02-04
@inkvizitor68sl

www.comodo.com/hackerproof/questions.html
Most of the nastiness will be found (and in the code too).
And then - scan ports, see what sticks out, get rid of it or upgrade to versions without known vulnerabilities. Well, install snoopy, look through it, what's going on in the system.

S

Sergey, 2014-02-04
@bondbig

If it’s not just a “play around”, but a really important project, then it’s better to turn to professionals.
Well, in pursuit of Komodo, I’ll tell you the Fortify on Demand service from Fortify (now owned by HP), it has a free version. This is a source code check for security issues.

D

David, 2019-09-10
@dordyan

It's worth starting with the guide from OWASP: https://www.owasp.org/images/9/96/OWASP_Top_10-201...
They also have a Penetration Testing Guide.
Of the scanners, in addition to Xspider, you should try Metascan .