In this world, there are many way to hack an applications. Hackers tries many way to hack an application every day. Same thing goes for a PHP app. There are many tools also build using PHP.

WordPress – build with PHP. WordPress uses by millions of bloggers. This also uses by many business farms for making & maintaining their personal website.

Laravel – a PHP framework, which helps to build any complex PHP application. It makes developer task easy.

Common cyber-attacks for PHP application…

  1. XSS attack – Cross Site Scripting Attack
  2. SQLInjection attack – a web form on a website might request a user’s account name and then send it to the database in order to pull up the associated account information using dynamic SQL like this: “SELECT * FROM users WHERE account = ‘“ + userProvidedAccountNumber +”’;”
  3. DOS & DDOS attack – known as Denial of Service Attack. Here from a target machine attacks another victim machine by sending N number of packets chunks. This attack can be done from one machine or multiple machines. If the victim machine prevent with firewall then may be this attack should not work. In kali Linux there are many tools which you can used for this?

We will also learn what type of tools you can use, for testing a PHP application. We also learn, why we need to use ‘prepared statement’ in PHP application. Using this statement and parameterized query helps to prevent attacks like SQLInjection.

Tools usage:

  • WPScan – helps to tests PHP application security. Helps to detect username of WordPress site and try brute force attack for password from the sample password list file.

SQLmap – helps to perform SQLInjection attack on a specific url. Helps to find databases, tables and record inside them.

  • Sublist3r – helps to detect subdomains connected via a server.
  • Nmap – helps to scan open-ports and detects technologies used by that particular website/server.