Security Basics mailing list archives

Re: web server checking.


From: Kim Guldberg <kim () bufferzone dk>
Date: Thu, 30 Jun 2005 21:06:30 +0200


Hi Juan

You've got to start with Nessus and maybe Whisker. Use TCPDump to
validate what is being sent and Snort also to get the full picture.
Nessus uses Nmap to portscan, so that is covered also.

Best regards
Kim Guldberg
CPSA, GCFW


Juan B wrote:

|Hi,
|
|I want to start checking the security of some of our
|web servers. I use open source tools (whoppix/knoppix
|cd).
|
|What are the best open source tools to check the
|security of those webs (checking for buffer
|overflows, cross site scripting, IIS holes, etc.)?
|
|Thanks,
|
|Juan
|


