HI All
:::::::::::PLEASE DO ANSWER ME:::::::::::::::::::
I recently developed a portal using Codeigniter, Now I want test against all security, code, and other operations effectively. I tested it from development mode. undefined variables, and notices are coming out. Okay, well, let me know effective tool/practices to test my project.
Thanks
The framework you use is irrelevant. There are a great deal of avenues. It is your responsibility as a developer to decide which one to use.
Your first step is to evaluate your code. There are many options available.
- http://pear.php.net/package/PHP_CodeSniffer/
PHPCodeSniffer, configured to use PSR-0, PSR-1 & PSR-2 as the default rule sets.
- http://phpmd.org/
PHP Mess Detector - Looks for algorithmic over-engineering and other nonsense.
- http://sourceforge.net/projects/rips-scanner/
A static analysis tool that runs as a web app.
- https://github.com/jokkedk/webgrind
Webgrind is a Xdebug profiling web frontend in PHP5.
Now, as for security, the only real way to do this is via a
Penetration Test. Basically, you want to simulate an attack on your app and see how it holds up. There are a number of options:
- https://code.google.com/p/skipfish/
Skipfish - It'll crawl your site to build a sitemap & then blast it.
- https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework
Mantra - In my opinion, the holy grail of browser based security testing. Its basically Firefox with a slew of tools.
- https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
OWASP ZAP - A proxy that does your typical intrusion & attacks.
Hope this helps.
Edit: Formatting