Quote (CHCL @ Jun 13 2013 01:42pm)
And how can I know that it isn't vulnerable to SQL injections?
.
That's entire paragraphs to explain. In short, you can't.
Good database monitoring and known exploit "fingerprinting" will work pretty well against these attacks.
Check HTTP requests, file changes, etc... a solid robots file (prevent Google dorking),
proper file permissions, the list goes on...
Your weak points are public files (things that have user interaction).
E.g. input boxes such as login registration forms can be exploited through XSS, and in turn SQLi opens up.
There's an addon for Apache called ModSecurity which is pretty cool; it helps greatly! (assuming you run your own server)
This post was edited by Glyph89 on Jun 18 2013 01:18am
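
The "fingerprinting" of HTTP requests mentioned in the reply above, sketched as an added example that is not part of the original post: a scanner that normalizes request URLs from an Apache access log and matches a few SQL injection signatures. The signature names, log lines, paths and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative fingerprints only, nowhere near a full rule set.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "boolean_tautology": re.compile(
        r"\b(?:or|and)\b\s+['\"]?(\w+)['\"]?\s*=\s*['\"]?\1\b", re.I),
    "time_delay": re.compile(
        r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
}

# Apache common/combined log format: client, timestamp, request line, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def normalize(url):
    """Undo encodings that would otherwise hide a payload from the patterns."""
    for _ in range(3):                      # handles double URL-encoding
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    url = re.sub(r"/\*.*?\*/", " ", url, flags=re.S)  # inline SQL comments
    return re.sub(r"\s+", " ", url)

def scan(lines):
    """Return (client, status, matched signature names) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, url, status = m.groups()
        names = sorted(n for n, rx in SIGNATURES.items() if rx.search(normalize(url)))
        if names:
            hits.append((client, int(status), names))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2013:13:42:01 +0000] "GET /search.php?q=student+union+hours HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Jun/2013:13:42:05 +0000] "GET /item.php?id=1%20UNION%20SELECT%20null,version() HTTP/1.1" 200 734',
    '198.51.100.7 - - [13/Jun/2013:13:42:09 +0000] "GET /login.php?user=admin%2527%2520or%2520%25271%2527%253D%25271 HTTP/1.1" 500 312',
    '203.0.113.44 - - [13/Jun/2013:13:43:30 +0000] "GET /item.php?id=1/**/and/**/sleep(5) HTTP/1.1" 200 734',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match only says a request looked like a probe, not that the application is vulnerable; the benign "student union" search in the first sample line is there to show the patterns do not fire on the word alone.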