Government Security
Network Security Resources

Methodology For Finding Bugs In Webapps?

4 replies to this topic

#1 scuarplex



  • Members
  • 10 posts

Posted 26 December 2010 - 01:34 PM


I'm looking for any kind of book, advice, text, or anything that can help with my manner of auditing code (PHP code mostly). Sometimes I feel that I'm going back and forth and I feel lost when I can't find any bug in a short period.

My "methodology" is:
* Mount the project in localhost.
* Start with basic attacks (SQLi, RFI, XSS, etc).
* Read the source.
* Try with YASCA (automated tool to find bugs, I know it's f*king lame but it's my last hope).
* Go to the second step if I can't find anything and keep looking.

What's yours? Any advice or lecture?


#2 Glyph


    General of the Army

  • GSO Management
  • 1,606 posts

Posted 26 December 2010 - 03:47 PM

1. Audit the source. You'll reduce your testing overhead by a good percentage.
2. Focus on source.. *May the source be with you*
3. Think navel lint aka FUZZ. This will enable you to throw possibly unanticipated packets at the app.. ie try to break it.
4. OWASP.. Great little web frontend auditor.
5. Pick up yourself a copy of BackTrack4r2 (Codename:Nemesis).. grunches of tools for doing what you're looking into.
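Since both the opening post's "Read the source" step and Glyph's first two points come down to source auditing, here is an added example (not code from the thread or from any tool it names) of the kind of first-pass sink finder a reviewer might script before reading a PHP codebase line by line: it flags lines where a superglobal, or a variable assigned from one, reaches a SQL, include or echo sink without one of the listed sanitisers. The sample PHP, the sink table and the sanitiser list are constructed for the demo and are deliberately coarse; every hit still needs a human to confirm it.

```python
import re

# Constructed sample (not from the thread): the classic sinks the thread
# names (SQLi, RFI, XSS) plus two lines that sanitise and must not be reported.
SAMPLE_PHP = r"""<?php
$id = $_GET['id'];
$r = mysql_query("SELECT * FROM users WHERE id = " . $id);
include($_GET['page'] . ".php");
echo "Hello " . $_POST['name'];
echo htmlspecialchars($_POST['name']);
$safe = intval($_GET['id']);
$r2 = mysql_query("SELECT * FROM users WHERE id = " . $safe);
"""

SOURCE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")  # attacker input
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=[^=]")                     # $var = ...
VARS = re.compile(r"\$(\w+)")
# Any of these on a line is taken as "the author sanitised this"; a reviewer
# still has to check that the sanitiser actually fits the sink (assumed list).
SANITISER = re.compile(
    r"\b(intval|htmlspecialchars|htmlentities|mysqli?_real_escape_string)\s*\(|\(int\)")
SINKS = {
    "sqli": re.compile(r"\b(mysql_query|mysqli_query|pg_query)\s*\("),
    "rfi/lfi": re.compile(r"\b(include|require)(_once)?\b"),
    "xss": re.compile(r"\b(echo|print)\b"),
}


def audit_php(source):
    """Return (line_no, category, line) for sinks fed by unsanitised input."""
    tainted = set()   # variables assigned from a superglobal without a sanitiser
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        uses_source = bool(SOURCE.search(line))
        uses_tainted = bool(tainted & set(VARS.findall(line)))
        sanitised = bool(SANITISER.search(line))
        if (uses_source or uses_tainted) and not sanitised:
            for cat, rx in SINKS.items():
                if rx.search(line):
                    findings.append((n, cat, line.strip()))
        # Propagate taint through plain assignments; clear it once sanitised.
        m = ASSIGN.match(line)
        if m:
            if (uses_source or uses_tainted) and not sanitised:
                tainted.add(m.group(1))
            else:
                tainted.discard(m.group(1))
    return findings


if __name__ == "__main__":
    for n, cat, line in audit_php(SAMPLE_PHP):
        print(f"line {n}: {cat}: {line}")
```

Run against the sample it reports lines 3, 4 and 5 and stays quiet on the two sanitised lines; on a real codebase it is a triage list for the manual read, not a verdict.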

#3 bonarez


    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 26 December 2010 - 08:33 PM

I never really was into webapp security testing, but came across an article today that might interest you. A damn pretty good overview of all free and FOSS webapp scanners out there, including test results. The article is so big I haven't even finished reading it yet.


Tested scanners:

For those of you that want a quick glimpse, the following scanners were tested in the benchmark:

Acunetix Web Vulnerability Scanner (Free Edition), aidSQL, Andiparos, arachni, crawlfish, Gamja, Grabber, Grendel Scan, iScan, JSKY Free Edition, LoverBoy, Mini MySqlat0r, Netsparker Community Edition, N-Stalker Free Edition, Oedipus, openAcunetix, Paros Proxy, PowerFuzzer, Priamos, ProxyStrike, Sandcat Free Edition, Scrawler, ScreamingCSS, ScreamingCobra, Secubat, SkipFish, SQID (SQL Injection Digger), SQLiX, sqlmap, UWSS(Uber Web Security Scanner), VulnDetector, W3AF, Wapiti, Watobo, Web Injection Scanner (WIS), WebCruiser Free Edition, WebScarab, WebSecurify, WSTool, Xcobra, XSSer, XSSploit, XSSS, ZAP.

> Try with YASCA (automated tool to find bugs, i know it's f*king lame but it's my last hope).

I don't think it's lame, it's a (slightly easier) way to learn more. Don't try to re-invent the wheel ;)
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#4 scuarplex



  • Members
  • 10 posts

Posted 29 December 2010 - 01:00 AM

Thanks for the advice, guys :)

#5 scuarplex



  • Members
  • 10 posts

Posted 31 December 2010 - 03:45 PM

A website full of FREE OWASP ebooks ; )
