How to test Codeigniter Project Effectively


#1

HI All
:::::::::::PLEASE DO ANSWER ME:::::::::::::::::::
I recently developed a portal using Codeigniter, Now I want test against all security, code, and other operations effectively. I tested it from development mode. undefined variables, and notices are coming out. Okay, well, let me know effective tool/practices to test my project.

Thanks


#2

The framework you use is irrelevant. There are a great deal of avenues. It is your responsibility as a developer to decide which one to use.

Your first step is to evaluate your code. There are many options available.

  • http://pear.php.net/package/PHP_CodeSniffer/ PHPCodeSniffer, configured to use PSR-0, PSR-1 & PSR-2 as the default rule sets.
  • http://phpmd.org/ PHP Mess Detector - Looks for algorithmic over-engineering and other nonsense.
  • http://sourceforge.net/projects/rips-scanner/ A static analysis tool that runs as a web app.
  • https://github.com/jokkedk/webgrind Webgrind is a Xdebug profiling web frontend in PHP5.
Now, as for security, the only real way to do this is via a Penetration Test. Basically, you want to simulate an attack on your app and see how it holds up. There are a number of options:
  • https://code.google.com/p/skipfish/ Skipfish - It'll crawl your site to build a sitemap & then blast it.
  • https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework Mantra - In my opinion, the holy grail of browser based security testing. Its basically Firefox with a slew of tools.
  • https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP ZAP - A proxy that does your typical intrusion & attacks.

Hope this helps.

Edit: Formatting