435964 Need a security review of back-end CMS

We have custom-built a CMS for our clients that uses an authentication system tied to the user's IP address; I did this for an added level of security against hackers (the script notifies me when the IP's don't match so I can investigate). The CMS is simple, create-read-update-delete actions for news posts, testimonials, photo galleries, and a couple other parts of a website that most people will need to update.

However, the authentication script is pretty stable and probably doesn't need the extra layer of security, which is also a bit of a pain for clients who want to log in from multiple locations.

I'm looking for someone knowledgeable in preventing XSS, SQL injections and other hack-related items to perform a review of the way we set up the CMS files, functions, etc. and provide guidance on how secure it is against attacks...specifically where attacks could occur within our code.

Please keep in mind that this project post is for the review/report only. Once we have an opportunity to evaluate the recommendations we will put together our own road map of changes to make, and may come back to you (or SL in general) to complete all or parts.

In total, there are only 15-20 files to review, including the authentication script and one part of the CMS. From there we can extend the review through to the other parts of the CMS since the programming and functions are the same, just different tables and input fields.

You'll receive a .zip file with all relevant files, there's no need to provide phpMyAdmin or FTP access for this project. We'll provide public-side functions and examples too, so you can evaluate if/how the DB queries can be manipulated from the front-end.

Thanks!

CMS MySQL Odd Jobs PHP An ninh Web

ID dự án: #2181837

Về dự án