#1 (Join Date: Apr 2009 | Location: Near my sweet wife | Posts: 57)

    Please Recommend PHP Security Expert

    Who's the best qualified person on WHT to hire to check a few simple scripts for security (contact forms, autoresponders, client's scripts)? I doubt it'd take an expert more than a few minutes.

    I have no way of judging the aptitude of an individual due to my complete lack of current understanding of php (and don't want to spend the time right now to change that), so I can't just post a "help wanted" post.

    Your suggestions are appreciated.

#2 (Join Date: Jul 2009 | Location: UK | Posts: 1,308)
    When you say security...

    What are you worried about?

    SQL injections into your forms? (If so, simply checking that variables are being escaped is a good start: "mysql_real_escape_string".)
    (Not sure what you would want checking on an autoresponder?)
    Live Chat Support Software for your Business website - IMsupporting.com

#3 (Join Date: Nov 2010 | Location: Arizona | Posts: 297)
    This is a good place to start on PHP security and get some basic info on PHP security and what you can do:

    http://articles.sitepoint.com/articl...urity-blunders

#4 (Join Date: Apr 2009 | Location: Near my sweet wife | Posts: 57)
    Thanks for your input.

    I don't have time right now to become familiar with php security. Therefore, I need recommendations.

    Thanks!

#5 (Join Date: Mar 2002 | Location: Philadelphia, PA | Posts: 2,508)
    In terms of reputation on WHT and security experience, would recommend Rack911.com
    Linux junkie | steward.io

#6 (Join Date: Jul 2003 | Location: UK | Posts: 1,879)
    In terms of finding the right person: Ideally you want a security consultant with experience in source code analysis, rather than a server admin or developer.

    You should be provided with an honest assessment of the code, with detail where necessary, coupled with either fixes, or recommendations. Try to avoid consultants who rely solely on automated techniques to pick up on vulnerable code, they do miss things.

    Good on you for getting on top of it! It's refreshing to see someone being proactive rather than reactive!

#7 (Join Date: Sep 2010 | Location: Behind you... | Posts: 355)
    If you want a decent audit it will take more than a few minutes to examine and test your forms thoroughly. If you want the cheap solution you can post some code samples on WHT for free review and follow the guidelines that I use in all my projects:

    1. Use prepared statements to minimize the chance of SQL injections.
    2. Never echo back what a user has put in your form. Always use a function like htmlentities or something (especially in your contact form).
    3. Things like email addresses can be checked for validity before storing them or using them in the autoresponder.
    4. Design with the assumption that every visitor wants to "hack" your website.
    file1.info :: 50GB secure cloudstorage with filemanager
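The three concrete points from #7 (prepared statements, escaping on output, validating the email before the autoresponder sees it) applied to a small contact-form handler. This is an added example, not code posted in the thread; the `messages` table, its columns and the in-memory SQLite stand-in for the site's database are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: a contact-form handler following guidelines 1-3 above.
// Table "messages" and its columns are assumed for illustration.
function handleContactForm(PDO $db, array $post): array
{
    // 3. Validate the address before storing it or handing it to an autoresponder.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['ok' => false, 'error' => 'Invalid email address'];
    }
    $name    = trim((string)($post['name'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    if ($name === '' || $message === '' || strlen($message) > 4000) {
        return ['ok' => false, 'error' => 'Name and message are required'];
    }

    // 1. Prepared statement: input travels as bound parameters, never concatenated
    //    into the SQL text, so it cannot alter the query's structure.
    $stmt = $db->prepare(
        'INSERT INTO messages (name, email, body, created_at) VALUES (:name, :email, :body, :created)'
    );
    $stmt->execute([
        ':name'    => $name,
        ':email'   => $email,
        ':body'    => $message,
        ':created' => gmdate('Y-m-d H:i:s'),
    ]);

    // 2. Anything echoed back is escaped for the HTML context at output time
    //    (htmlspecialchars is the narrower sibling of htmlentities).
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ['ok' => true, 'html' => "<p>Thanks, {$safeName}. Your message was received.</p>"];
}

// Assumed stand-in database: in-memory SQLite via PDO so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, name TEXT, email TEXT, body TEXT, created_at TEXT)');

// Constructed sample input: markup in the name and a quote in the body.
// Both end up stored verbatim as data and rendered as inert text.
$result = handleContactForm($db, [
    'name'    => 'Bob <b>"the builder"</b>',
    'email'   => 'bob@example.com',
    'message' => "It's a test message.",
]);
echo $result['ok'] ? $result['html'] : $result['error'], PHP_EOL;
```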

#8 (Join Date: Apr 2009 | Location: Near my sweet wife | Posts: 57)
    Thank you all for your input. Steve at rack 911 recommended thatscriptguy. Kevin's been very helpful and resolved my issues, and I highly recommend him for a communicative and intelligent partner.
