I'm an IT professional with no experience of real testing at all (intranet web developer background). I've recently started a business creating CMS websites and online shops for small businesses. The sites we build are based on open source software such as Joomla! and osCommerce. Both are written in PHP with a MySQL database at the back end.
I'm looking for open source penetration testing software. I would like it to alert me of any vulnerabilities in the website code which would allow unauthorised access to the backend database. I'd also like it to test for unauthorised access to change anything in the file system.
I originally didn't think of open source and narrowed my search to Watchfire's AppScan. Gorgeous piece of software, but I nearly fell off my chair when I found out how much it is. Yikes!
I've browsed through the tools>security section of this website but am at a bit of a loss because of the testing terminology. Could anyone please make a suggestion as to what I could try? I'm running tests from a Windows laptop on Linux-hosted, PHP-based websites.