Penetration Testing mailing list archives
Re: [PEN-TEST] How to deal with others' security ?
From: Steve <Steve () SECURESOLUTIONS ORG>
Date: Tue, 22 Aug 2000 18:52:08 -0600
> My question is simple:
> - you have to do a penetration test on a web server.
> - you discover that there are virtual hosts on the same box as the web site you have to check.
I am not sure if I understand what you are saying. Are you saying that you are performing penetration testing on a web site that belongs to you but is hosted on someone else's servers (your ISP)? I would strongly recommend that you do not do this without coordinating with your ISP and without their permission. While I agree that you are responsible for your web content, once you outsource the hosting to a third party the security of the hosting servers is their responsibility.

Your best bet would be to contact technical support of the vulnerable server and inform them of their problems and how they should address them. If they are technically unable to perform such tasks, you might want to review who you are using for web hosting. In the case of vulnerable CGI scripts, your best bet is to email the webmasters of each site. But again, some of this might fall into your hosting vendor's lap.

If you are truly concerned with the security of your web sites, host your own on a platform that you have the necessary skills in to secure.