Hi everyone,
I am recently completing a project and the client asked me is there a ‘checklist’ online tool that checks a website security. After scanning the internet, I’ll like to ask the community is any tool they prefer or works well with Yii2 to at least cover the basic security checks.
How about https://observatory.mozilla.org/
There are others. I’d also test “real World”, NOT a “faker test”, NOT a “mock” test, but “for real”
if a user can see or edit someone else’s data. I would test RBAC real World completely, RBAC is hard and tricky to get set up correctly.
Yii team how about not blocking that link, it is safe. You once blocked another “safe” link I gave.
the weakness is not php/yii but your implementation. I suggest a pen-test framework, so have a look at kali-linux.