PremiumCodeX (OP)
December 12, 2016, 09:06:35 PM

Hey!
Do you have someone to review your site from a security viewpoint, or do you use automated software to do it for you?
If the former, where do you find this person? If the latter, what software would you recommend?
Let us turn this into a discussion, so please attach your arguments too!

cloverme
December 13, 2016, 02:13:44 AM

Qualys and Tenable are vulnerability detection platforms that work very well. However, once you get through the basics, you need someone to go through the code and do some application security protection as well. The guys from Coalfire are fantastic but very expensive; you can find qualified people on Upwork as well for a cheaper rate, but still qualified.

|
nemgun
December 15, 2016, 03:48:49 PM

You should check the Kali project. It is used to test/monitor the security of websites, and it comes with full tools for auditing security and for penetration testing; you even have hundreds of exploits that can be used. I generally use it for DDoS testing, database penetration, XSS, shell injection ... Great tool with loads of tutorials, but you shall have a virtual machine on your computer because it is an OS.

BuySomeBitcoins
December 17, 2016, 12:31:47 AM

> Qualys and Tenable are vulnerability detection platforms that work very well. However, once you get through the basics, you need someone to go through the code and do some application security protection as well. The guys from Coalfire are fantastic but very expensive; you can find qualified people on Upwork as well for a cheaper rate, but still qualified.

You will not get excellent coders from Upwork. Small websites can start with https://sucuri.net/

Kray
December 17, 2016, 09:23:40 PM

> You should check the Kali project. It is used to test/monitor the security of websites, and it comes with full tools for auditing security and for penetration testing; you even have hundreds of exploits that can be used. I generally use it for DDoS testing, database penetration, XSS, shell injection ... Great tool with loads of tutorials, but you shall have a virtual machine on your computer because it is an OS.

Do you mean Kali Linux?

BuySomeBitcoins
December 17, 2016, 11:29:10 PM

> > You should check the Kali project. It is used to test/monitor the security of websites, and it comes with full tools for auditing security and for penetration testing; you even have hundreds of exploits that can be used. I generally use it for DDoS testing, database penetration, XSS, shell injection ... Great tool with loads of tutorials, but you shall have a virtual machine on your computer because it is an OS.
>
> Do you mean Kali Linux?

He probably meant using Kali pen-testing tools to scan websites for vulnerabilities.

Emerge
December 18, 2016, 08:27:17 AM

Sucuri.net is actually a really good resource. I haven't had problems with them so far.

PremiumCodeX (OP)
December 18, 2016, 11:10:29 AM

Thank you for your suggestion! So, to start I could do basic security testing myself. I know Kali Linux a bit. It truly has an amazing set of tools. I have not used Qualys and Tenable yet, but according to their sites, they seem great too. What are the major advantages of Qualys, Tenable and Kali compared to each other? Or should I use more than one platform at the same time?

nemgun
December 18, 2016, 02:44:48 PM

I mean Kali Linux. It is a complete OS made for security testing, full of software (open source and paid) that lets you audit your website, but it is reserved only for experienced users. You may also use it to learn, but it will be difficult, even if there are a lot of tutorials on the web. The thing is that you have so many possibilities that you don't really know where you should start; you can test for DOS, MIM, SQLI, BF ... It is a complete set, and I would rather use it than pay for a useless or incomplete tool.