Penetration testing

rcleon asked
Last Modified: 2013-11-16
Hi, I just installed a dedicated web server and would like to run some penetration tests. I'm using Windows Vista and the web server uses CentOS. It would have to be remote from my location; the server is across the country.

Any help will be great.

Thanks

Rafael


Commented:
You can really only do penetration testing with the PC doing the testing sitting in the same LAN segment as the hosting server you are testing. The best tool for this is BackTrack. You can start it as a VMware Server virtual machine, so you could install VMware Server on a PC at the location your server is at, or even on the server running your web site, and do your testing via that:

http://www.backtrack-linux.org/
http://vmware.com

Commented:
PCFlank has a battery of online security tests which will attempt almost every exploit known and tell you the results: http://www.pcflank.com/
btan, Exec Consultant

Commented:
You can also look at an "audit" tool for web servers
@ http://www.darknet.org.uk/2009/03/webshag-110-released-free-web-server-audit-tool/

For web applications, you can check out
@ http://pentestit.com/2010/03/20/skipfish-active-web-application-security-reconnaissance-tool/

You can check out this paper, which also uses CentOS; it may be of use for hardening. OWASP has quite established references and tools on their site (you can Google and check them out later)
@ http://www.owasp.org/images/0/01/Secure_Web_App_Server_McRee_OWASP.pdf

Excerpt

This paper describes methodology to build a secure Web application server utilizing the benefits of SELinux with a CentOS 4.3 distribution, along with the Apache httpd server and Apache-Tomcat communicating via mod_jk. Additionally, the use of iptables, mod_rewrite, and mod_security will be discussed.

Author

Commented:
Guys, your answers are great, I learned a lot. Thank you so much for all your help and information. I will split the points as best I can because you all deserve 500.

Thanks

Rafael

Author

Commented:
Thank you all.