I'm facing a serious problem with hackers and / or crackers on the site developed for a city hall. I tested SQL MAP
on every page of the site. I tried the ftp lock, looked for files injected into the site, searched for viruses, malwares and backdoors and so far nothing ...
So I came up with this question, how to test the application effectively and find security flaws related exclusively to the application?
I think that in order not to be so broad the question could be focused only on the WEB environment ... if the person who answers the question thinks that it can cover all the content it will be very welcome too: D
I would also like if possible that the answer be quite generic and can be applied to any form of development (within the limitations of languages)
Application information:
Language: PHP
Database: MySQL
Connections: mysql_connect ¬¬ (not my fault)
Attack Focus: Database
Common Issues
Script Injection for page redirect
Injection of images within the news and highlights
Injection of files to backdoor
Items that do not cause problems (hear no attempts)
DoS Attacks
Brute-Force Attacks
Fixes in the first instance
Changing database credentials
Changing the admin password (current hash -> df8bce1285196dddc104c22f15665dac)
I had already asked What the code below (written by a cracker) does? and had posted the code from one of the files that were already injected into the site ...
I did a scan on ftp and made sure there is no malicious file inside it ...
All gets and posts are validated as follows
if(isset($_GET['t'])){
$ids = (int)mysql_real_escape_string($_GET['t']);
if(!is_numeric($ids)){
$ids = '1';
}
} else {
$ids = '1';
}