Penetration testing for PHP security vulnerabilities

user3558596 · May 25, 2015

I am doing an undergrad research paper on "Identifying and Testing security vulnerabilities in websites". Initially I thought I would test manually, as I had specified in my methodology that I would only test for a few chosen vulnerabilities, i.e. SQL injection, cross-site scripting, error reporting, session hijacking and input validation. But as I continued researching, I found that all the articles and tutorials suggested software.

I have a few websites that my mates administer, so I want to conduct testing on their sites. I am checking for a few vulnerabilities on half a dozen websites. Should I use penetration testing tools or just do dynamic penetration testing without software?

Answer

Juxhin · May 25, 2015

It all boils down to what you want; you may use Burp Suite, which is a great manual pentesting tool with a nice community and resources online that allows you to perform pen tests efficiently.

You might want to try automatic web application scanners such as Acunetix Web Vulnerability Scanner, which also comes with manual pentesting tools and automatic crawling and scanning of a site (which is great IMO). They also offer free 14-day trials, which should be more than enough for your purpose.

I always believe pentesting should start off with automated software tools as mentioned above and reinforced with manual intervention to make sure you tested the application effectively.

There's no right or wrong way to do it; however, the above method is what many opt for. You might also want to read the Hacker's Handbook by Dafydd Stuttard and Marcus Pinto. This gives a great overview of web applications, how to penetrate them and how to safeguard them.

You can make use of utility tools such as Nmap and OpenSSL to confirm or attempt to discover vulnerabilities within an application.