Re: [PHP] spider

On Fri, Mar 21, 2008 at 1:52 PM, tedd <tedd@sperling.com> wrote:
> Also, is there a way to spider through a remote web site gathering
> directory permissions?

I should hope not.

>
> If not, can one attempt to write a file and record the
> failures/successes (0777 directories)?

I don't know if you've thought about it like this, but can people just
upload files to your site? It has to run through a form somewhere.

> What I am trying to do is to develop a way to test if a web site is
> secure or not. I'm not trying to develop evil code, but if it can be
> done then I want to know how.

People do "pen tests" using fuzzers and such but most people agree the
only real way to do it is by having a human attempting different
things.

You might want to take a look at the OWASP Top 10 [1] to get a better
idea of what to look for.

[1] http://www.owasp.org/index.php/Top_10_2007