php - How can I check website security for free?

Question

I've heard that there are some free applications that will check the vulnerability of a PHP website, but I don't know what to use. I'd like a free program (preferably with a GUI) for Windows that will analyze my site an give me a report.

Anyone know of a solution?

question from:https://stackoverflow.com/questions/339603/how-can-i-check-website-security-for-free

Answer 1

There are only certain security holes you can check for with any program. You can check your PHP configuration, Apache configuration, passwords, common bugs, etc. but you can't really check programatically for logic errors which might cause security holes.

Your best bet would be to do a thorough code review of the website. Or, better yet, have several other people do a thorough code review of the website, looking for security holes.