[Owasp-board] re my website

Jeff Williams jeff.williams at owasp.org
Tue Oct 28 23:03:53 UTC 2008


Hi Guy,

 

I wish I could help you.  OWASP is a volunteer organization and we don't
have a team of people who will test websites yet.  But it's not a bad idea.
It sounds like you should focus on putting some basic security controls in
place, like authentication and access control.  If the website is something
you care about then it's absolutely worth protecting.  There are several
bots out there that go after sites without enough protection and corrupt
their databases with XSS attacks.  I suggest spending some quality time with
the OWASP Top Ten and perhaps a platform hardening guideline to cut your
risk.

 

--Jeff

 

Jeff Williams, Chair

 <http://www.owasp.org/> The OWASP Foundation

work: 410-707-1487

main: 301-604-4882

 

From: Guy Munselle [mailto:guy at actuateis.com] 
Sent: Monday, October 27, 2008 3:22 PM
To: owasp at owasp.org
Subject: re my website

 

I am a starving website owner and wanted to ask you how I would go about
getting someone to go over my site to check for vulnerabilities?  I
basically have a directory that allows anyone to create a username and
password (which will give them access to a mysql database driven webpage
editor).  I understand that there may be a cost involved and if you do this
please let me know.  I keep noticing on my error log, people try to access
certain folders (ie logs, htpasswd, etc)  .  

 

 

 

Thanks 

Guy

http://domina.ms

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081028/35f6d20a/attachment-0002.html>


More information about the Owasp-board mailing list