Please can you break my web site?

Discussion in 'other software & services' started by DonnEdwards, Jul 23, 2009.

Thread Status:
Not open for further replies.
  1. DonnEdwards

    DonnEdwards Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    36
    I have spent around 30 days developing the ability to create this web site, so I'm really proud of it, but before I put some "real" data in it, I need to find all the bugs and security holes. If anyone can help, fire away!

    The site is http://www.fishwisepro.com and at present it is using the Microsoft Northwind Traders database. You should have full editing rights, so screwing up the data doesn't count as "breaking" the site.

    If you can get it to crash or do anything weird, please let me know. If you know of any load testing software I can try, post the URL here or mail me directly. All help, suggestions, comments would be greatly appreciated.

    The data control is called ASPxGridView and if you are an ASPxGridView developer I would love to hear from you, and I'll be happy to share some of my code.

    Thanks in advance
    Donn
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    I don't know if what you ask is legal.

    Do you own the site - or are you just hosting it? If you're hosting, address any security issues to your provider. If it's your own, you should inform your ISP that you intend to perform security checks and coordinate any "intrusive" activities so that they do not go out of hand.

    There are standard infosec methods of auditing available, just make the right searches in Google and you will find them. Furthermore, you did not mention anything about disclosure of problems found or how you intend to handle them.

    Asking other people to break products - perform virtual hacking attempts against third-party software - without the right legal boundaries defined, I don't think this is the right way to do QA.

    Regards,
    Mrk
     
  3. DonnEdwards

    DonnEdwards Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    36
    I hadn't thought about the legaility; I don't live in the USA, but in South Africa.

    I am the developer for the site owner, who owns the domain and pays webhost4life.com for the hosting. Presumably the hosting comany has all the usual security stuff in place.

    I'm not asking people to DDOS the site, just to see if by using it they can get it to fall over. As the developer I think I am entitled to do so. If the site is vulnerable to some kind of weird ASP exploit, I would like to know.

    So unless the hosting company thinks that I'm violating the terms of service, there isn't going to be any legal comeback.
     
  4. DonnEdwards

    DonnEdwards Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    36
    Can you give an example of the "right searches" ?

    On the site I have provided an email address where any bug reports can be sent. Obviously I would want to fix any errors that I find.
     
Loading...
Thread Status:
Not open for further replies.