• caglararli@hotmail.com
  • 05386281520

How can I pen test my .php website that I host on my local machine?

Çağlar Arlı      -    50 Views

How can I pen test my .php website that I host on my local machine?

Pen testing my own .php website

Well, I've made some kind of forum type website where you can share posts comments and information. There is a login panel (/index.php) at first and it's already secure enough to block users from entering "/home.php" or etc. I've put simple username and password input to login.

Some tricks to avoid SQL payloads are in my code and managed to defend my database (im not a pro pen tester tho there might be a way). At the moment, my whole website is pulled out from my XAMPP/htdocs/mywebsite/... directory. I'm using Phpmyadmin (PHP) as my database management. The main thing about all this question is, how can I manage to crack my login panel? Is there any other vulnerabilities? If someone knows some tricky simple pen testing tools please let me know! This is my first question btw :D. Educational purposes only. I'm trying to learn some security now-hows.

  1. Several types of SQL payloads by importing commands into error lines (didn't work).
  2. Special characters are handled with statements in php code lines.
  3. Looking for more ways to secure my website.