Security Basics mailing list archives

RE: web server chacking.

From: "Roberts, Scott" <scottroberts () hersheys com>
Date: Thu, 30 Jun 2005 14:47:28 -0400

It sounds like what you really want is Nessus. Nessus is an open source
vulnerability scanner that does many of the same functions as more expensive
commercial scanners, and is included in most Knoppix distros (I'd recommend
Knoppix STD).

In addition you should probably run Nmap against it using a few different
scan types. Those two open source tools should give you a pretty good idea
of where to start with improving your server security. 


Scott J. Roberts
------------------------
scottroberts () hersheys com

"We've been in the biggest beta test there is, for years. We call it
Windows."
--Victor Wheatman, managing VP for Gartner Group

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com] 
Sent: Thursday, June 30, 2005 9:20 AM
To: security-basics () securityfocus com
Subject: web server chacking.

HI,

I want to start chacking the security of some of our web servers. I use open
source tools ( whoppix/knoppix cd).

what are the best open source tools to check the security of those webs (
checking for buffer overflows, cross site scripting,IIS holes,etc..)

thanks,

Juan


                
____________________________________________________
Yahoo! Sports
Rekindle the Rivalries. Sign up for Fantasy Football
http://football.fantasysports.yahoo.com

Attachment: smime.p7s
Description:

Current thread:

RE: web server chacking. Roberts, Scott (Jul 04)
- <Possible follow-ups>
- Re: web server chacking. Kim Guldberg (Jul 04)
- Re: web server chacking. dallas jordan (Jul 04)
- Re: web server chacking. security-basics (Jul 05)
  - Radius Profiles for Cisco using IAS nmas (Jul 11)