Need security advice (OT)

drock

I've built a relatively small website that uses PHP and MySQL to store sensitive data. Since I'm no security expert (yet?) I'm hoping that one of you might know of someone I could talk with about improving security on the site. I guess I would like to know how easily it can be hacked and what I can do to make it harder. I'm not necessarily looking for a free handout. Can anyone help? You can respond to me at drock@frii.com to keep traffic off the forum if you'd like.

Thanks,
David Rock

tha_mink

What OS are you running? Here is a decent link with lots of other links and some informative opinions.

http://www.securereality.com.au/archives/studyinscarlet.txt

drock

Thank you for the link, I'm scouring through it now. The site is hosted by a public ISP. They run FreeBSD 4.6, PHP422 and Apache. Do you know of a person/service that I can use that will evaluate our site and report any glaring or not so glaring security holes that may exist?

Thanks,
David