Skip to main content

website Security

More
17 years 7 months ago #16985 by Ranger24
website Security was created by Ranger24
Hi Guys,

My fathers company are havin a new website built and I'd like to be able to check it over for security issues when it is eventually finished (it'll take approx 6 months to complete. My old man is a bit indecisive!)

In the meantime I'd like to learn about website security, attacks, preventions etc. Can you point me in the correct direction, and to the kind of tools I will need?

Cheers,

R
Patience - the last reserve of the any engineer
More
17 years 7 months ago #16992 by DaLight
Replied by DaLight on topic Re: website Security
I will just drop some pointers which are by no means exhaustive.

1. Will the website be hosted internally by your father's company or on external servers? If on external servers, are they dedicated to your father's company, or shared with other companies?

The answers to the above questions will determine who is responsible for firewalling and gateway security arrangements as well as whether you will be able to obtain permission to carry out any required penetration tests.

2. The application stack i.e. Windows/IIS/ASP/SQL Server, Linux/Apache/My Sql/PHP, etc as this will determine what types of tests, vulnerabilies to look for.

3. Useful tools are:
Nikto : an Open Source (GPL) web server scanner
Nessus
Nmap

Also check out this book which I recently reviewed on Apache security, and this one which was reviewed by The Bishop.
More
17 years 7 months ago #16999 by TheBishop
Replied by TheBishop on topic Re: website Security
I was just about to recommend that book but you beat me to it. It would be an excellent investment for exactly this scenario. Check out the Firewall.cx book reviews section for the review
Time to create page: 0.131 seconds