Now that you know all about the security issues surrounding web application development, you need to be able to test your own websites effectively. The best way to test is by reading your code, or, if you are working in a team, through code reviews by colleagues. But attacking is very different to writing code, and trying it yourself can often throw up issues you had never even considered while writing the site.
The first tool we are going to cover is Metasploit. This is an arsenal of tools for penetration testing on many different sorts of systems, but it has a few tools for auditing website security as well. Metasploit targets the computer your code is running on more than the code itself (that's what the next tool will help with), and it is quite easy to get it running and see the results.
You can download and set up your own installation of Metasploit, but you need to set up a database for it to use as well. If you are confident doing this, go ahead and install PostgreSQL; otherwise, we suggest downloading Backtrack Linux, a live Linux distro that comes with Metasploit and its database already set up for you.
Once you have this ready to go and have msfconsole, open up a terminal window and run it.
Check that you are connected to a database by typing:
db_status
You now need to port scan the server which hosts your site. If you are on shared hosting, don't do this: your hosting provider will not like you, and you may be violating the terms of use. If you are on a VPS or dedicated host, however, it should be OK.
db_nmap -sS -sV -T 5 -P0 -O IP_ADDRESS
Now that the list of possible exploits is in the database, you can launch them. Metasploit will automatically try everything it can to attack and gain access through the ports that were open. This shows up problems with out-of-date and insecure software running on the server.
Type the following in order to launch the exploits:
db_autopwn -p -e -t
You should now see a list of results similar to this...
If Metasploit gets any successful connections, you will see the sessions in a list by typing...
sessions -l
You can now connect to one of the sessions and get shell access to the server using this command...
sessions -i SESSION_NUMBER
If you find any vulnerabilities on your server with this tool, so can anyone else. This is only the most basic of tests, so it definitely doesn't cover everything, but it is a good start and can quickly tell you what software you might need to upgrade or replace. Remember to keep your server software patched. A new patch might introduce performance issues or security flaws of its own, but those are unknown, and it is generally better to upgrade immediately than to hang back on versions that are known to have flaws.
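The port scan above is also the quickest way to spot services you never meant to expose or versions you need to upgrade, before any exploit runs. The following is an added example, not part of the original tutorial or of Metasploit: it parses nmap's XML output (what `-oX` writes, and what db_nmap records in the database) and checks the open ports against an allow-list. The XML, the host address and the expected-port policy are all constructed here for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap -sV XML output (not real scan data).
SAMPLE_NMAP_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="5.5.62"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/>
        <service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical policy: the only ports this host should expose to the internet.
EXPECTED_PORTS = {22, 80, 443}


def open_services(xml_text):
    """Return [(port, product, version)] for every open TCP port in the scan."""
    root = ET.fromstring(xml_text)
    found = []
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # closed and filtered ports are not exposed
        svc = port.find("service")
        product = svc.get("product", "") if svc is not None else ""
        version = svc.get("version", "") if svc is not None else ""
        found.append((int(port.get("portid")), product, version))
    return found


def unexpected_ports(xml_text, expected=EXPECTED_PORTS):
    """Open ports the allow-list does not account for: candidates to firewall off."""
    return sorted(p for p, _, _ in open_services(xml_text) if p not in expected)


if __name__ == "__main__":
    for port, product, version in open_services(SAMPLE_NMAP_XML):
        print(f"{port:>5}  {product} {version}".rstrip())
    print("unexpected:", unexpected_ports(SAMPLE_NMAP_XML))
```

Run it against a real scan by replacing the constructed string with the contents of the `-oX` file; the product and version columns are what you compare against your vendor's current releases.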