Security Basics mailing list archives
Re: Server Penetration Testing
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 27 Sep 2011 07:17:47 -0500
"Femi Mogaji" <olufemimogaji () gmail com> writes:
> Hi list,
>
> So we just had our annual audit, and one of the findings that came up is server-side pen-tests. We already carry out quarterly ASV scans & yearly pentest of our external IP addresses, where we fell short was the lack of internal pentests. The question is: what tools can I use to carry out these tests? Especially tests directed at SQL servers & file servers etc. A tool that can generate easy to read reports would be really nice. Any input will be appreciated.

If you, like most organizations, may lack the time, staff or expertise or the political latitude to do real internal penetration testing at scale, you can get a lot of bang out of internal credentialed vulnerability scans. As a bonus, you'll get some metrics where you can measure and report on progress. Tenable Security Center (which leverages the Nessus scanner) is where it's at there for vuln scanning and metrics, IME.

If you do have the resources to have an internal penetration testing team, Metasploit is a great exploit framework. The Metasploit Pro product takes a whack at allowing teams to work together into a shared knowledge base and assists with reporting--deserves a look. The same company also sells a vulnerability scanner.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/