How can I pen test my .php website that I host on my local machine?
Pen testing my own .php website
Well, I've made some kind of forum type website where you can share posts comments and information. There is a login panel (/index.php) at first and it's already secure enough to block users from entering "/home.php" or etc. I've put simple username and password input to login.
Some tricks to avoid SQL payloads are in my code and managed to defend my database (im not a pro pen tester tho there might be a way). At the moment, my whole website is pulled out from my XAMPP/htdocs/mywebsite/... directory. I'm using Phpmyadmin (PHP) as my database management. The main thing about all this question is, how can I manage to crack my login panel? Is there any other vulnerabilities? If someone knows some tricky simple pen testing tools please let me know! This is my first question btw :D. Educational purposes only. I'm trying to learn some security now-hows.
- Several types of SQL payloads by importing commands into error lines (didn't work).
- Special characters are handled with statements in php code lines.
- Looking for more ways to secure my website.
