LinuxQuestions.org
Old 12-03-2002, 09:50 AM   #1
g_goblin
Member
 
Registered: Oct 2002
Location: Chitown
Distribution: RH 7.2/3
Posts: 48

Web Site Security Testing


Hey guys, I was wondering if there are any tools out there to test a web server's security. I want to be able to test it before I put it into production.

Thanks,

green one
 
Old 12-03-2002, 04:16 PM   #2
g_goblin
Member
 
Registered: Oct 2002
Location: Chitown
Distribution: RH 7.2/3
Posts: 48

Original Poster
Sorry guys... I realize the potential for this question to raise an eyebrow... however there have to be some tools out there to let you test your own server for any possible security risks, either local or external.

I'm not looking to hack someone's site... just test my own.
 
Old 12-03-2002, 05:43 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Use Netcraft to see if the server is already listed. Comes in handy determining the OS/httpd version and spares you a scan (approx.). If you can find a CVE entry for a vulnerable httpd version, just try to break it straight away, else don't be subtle and throw a portscan at it using Nmap/hping2 to find out what's open. Finish with a look with a Nessus/Whisker/Arirang/whatever else scan to find possibly vulnerable sw. Basically there are too many tools around, I'd say go for what you're comfortable with. Since you've got local access you can use local auditing stuff like CISscan, SARA, TIGER, COPS.
Use the results (maybe use Bastille-linux as well) to tighten up security. Don't forget to check docs like the Apache security primer, SANS top 20 vulnerabilities and the basic references we post in this forum approx. once every month*.

Also check out the OSSTM at http://www.isecom.org for framework docs and an excellent tool list.

Here's some other tool archive links:
Huge archive: http://www.cerias.purdue.edu/coast/a...ory_index.html
Refs: http://www.cert.org/other_sources/tool_sources.html
top 50 tools: http://www.insecure.org/tools.html

*If you want us to run this by you again, just ask. But post some system/network/purpose specs before so we can see if we can make it more specific.

HTH.
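
An added example, not part of the post above: after running the Nmap scan it mentions against your own server, this filters the grepable (`-oG`) output down to open ports that are not on the list you intend to expose before production. The allowlist, host name and scan lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Compare open ports in Nmap grepable (-oG) output against an allowlist
# of ports the web server is supposed to expose.

# unexpected_ports ALLOWLIST < grepable_output
# ALLOWLIST is a space-separated list such as "80/tcp 443/tcp".
# Prints one "host port/proto service" line per open port not on the list.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /Ports:/ {
            host = $2
            line = $0
            sub(/^.*Ports: /, "", line)   # keep only the port list
            sub(/\t.*$/, "", line)        # drop trailing fields ("Ignored State:")
            m = split(line, entries, ", ")
            for (j = 1; j <= m; j++) {
                # entry layout: port/state/protocol/owner/service/rpc/version/
                split(entries[j], f, "/")
                key = f[1] "/" f[3]
                if (f[2] == "open" && !(key in ok))
                    print host, key, f[5]
            }
        }
    '
}

# Constructed sample of `nmap -oG -` output (documentation address, not a real scan).
sample_scan() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/closed/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (995)\n'
}

# Anything printed here is a service to close or firewall before go-live.
sample_scan | unexpected_ports "22/tcp 80/tcp 443/tcp"
```
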
 