linuxrox

vulnerability scan

Hello. Can anyone suggest some software that does a good vulnerability scan for a webserver, including a scan looking for vulnerable PHP and CGI scripts, etc.? I'd like to use something that keeps an updated database of vulnerable scripts that it scans for. I'd like to find something that also scans for cross-site scripting!
Thank you!
ASKER CERTIFIED SOLUTION
bdetchevery

This solution is only available to members.
xcromx

Download this and scan the web box. It works really well and it's from Microsoft.

http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
I am surprised Nessus has not yet been mentioned...

Nessus is probably the best or close to it.

www.nessus.org

They recently changed their 'licensing model' (that is corporate speak for "trying to make things more confusing"...)
But basically Nessus is free, and has a HUGE number of plugins.
Nessus can be configured to do scans just against the web servers, but can scan databases, workstations, etc.
Trust me, download Nessus and run it against your servers.
linuxrox (ASKER)

Thanks guys, I'm gonna look at these and see what happens. I definitely would like to have an easy way to test for buffer overflows and things like that, especially on PHP scripts I've written.
bdetchevery: what did you say was good for testing for buffer overflows and whatnot?
Also, I wanted to point out that I'm only really focused on scanning script and program vulnerabilities... PHP scripts, Perl scripts... like forum software and all that kind of thing. The server I'll test against is a Linux server with Apache... PHP and Perl scripts.
Ahh, I forgot: if your company really cares about security, you should search for a specialized security company, which will do a much more refined job and help your company with the challenge of security.

If you are in Brazil like me, I can suggest:

http://www.modulo.com.br/

http://www.intruders.com.br/

http://www.future.com.br/

Probably all of them provide security services for companies outside of Brazil, so maybe you should give it a try...

Cheers,
bdetchevery:
I'm very new to actually testing the security of the things I've written, which I'm not proud of. But I would really like to learn how to test for these things on my own scripts. Also, a question about this: if my source isn't revealed, are the scripts still just as vulnerable to buffer overflows and other exploits versus if the source was revealed? I'm going to check out the links you submitted there, but I didn't know if there was a special process for learning how to actually try and write a custom exploit for your own source code... like for a specific function. What are the most common exploits for PHP scripts that are considered a real security risk for a server and its system files? A big thanks to you all. I tried to be as fair as I could!
Hello,

You can learn much about common web application flaws at OWASP (Open Web Application Security Project):

http://www.owasp.org/index.jsp

I suggest you start reading the Guide:

http://www.owasp.org/documentation/guide.html

So check the Top 10 most common web flaws:

http://www.owasp.org/documentation/topten.html

Check also the FAQ (you will probably have doubts that others had in the past):

http://www.owasp.org/documentation/appsec_faq.html

Check even the Paper Sections, where you can get some more in depth details about a specific class of flaw:

http://www.owasp.org/papers.html

So, you can use the WebGoat:

"WebGoat is a full J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.

The WebGoat project goals are simply to create the de-facto interactive teaching environment for web security. Eventually the project may consider extending WebGoat to become an assessment tools benchmarking platform and a Java based Web site HoneyPot."

http://www.owasp.org/software/webgoat.html

Off-topic: if you are not a native English speaker, you can look on the OWASP site for translations in several languages. :)

Hope this helps,

Cheers
Thanks zgrp. Yes, I speak English. I'm going to check all of these things out for certain!
Thanks a bunch!!
Wow! You asked a very interesting question regarding revealing the source code versus not revealing the source code.

If I might be so humble as to rephrase, this is like asking whether 'open source' software is more secure than non-open-source (mostly commercial) software.

I will refrain from giving my own opinion directly except to say the following:

1) Proper peer source code review is considered a good quality practice among many software developers. The review of source code by multiple "trusted" people, and the implementation of suggested fixes helps to improve both the quality of the software, and helps the programmer avoid similar mistakes in the future.

2) I have never met a cracker (ethical or otherwise) that cared about what the source code looks like. The basic principle employed is to "hit as many computers as possible... and see what stuff falls out"... and then later analyze the "stuff" that fell out to figure out where to go from here. That's not to say they are not knowledgeable of common vulnerabilities, it's just a matter of efficiency. Since computers are so fast, it's easier to hit multiple machines with multiple attacks than to bother to sit down and try specific attacks at a specific PHP script that someone wrote.

If I can be so blunt I would say 99% of all attacks are black box attacks, the person doing the attack doesn't really care about what the code looks like. Most crackers

I don't have any specific statistics, but I would defer to zgrp and say one thing to watch out for is called SQL injection. If your PHP script is accessing an SQL database, it's probably the most common mistake made and makes it pretty easy to gain unauthorized information from a server.

Hope this helps
Ahh, I see. I gotta learn about these black-box techniques and whatnot ;) I'm inexperienced with all this. And I'm not interested in harming someone else's scripts or anything, I just want to test my own to make sure I'm doing things correctly. I've lived long enough to know I'll pay in the end for trying to hurt someone else's property! So I wanna just stick to my own stuff! I've heard of SQL injection and need to learn how to test my scripts because most of my PHP stuff is backended by MySQL! :)
Thanks once again!