Re: Anyone hear of ANSA (Asp.Net Security Analyser)??
From: Dinis Cruz (dinis_at_ddplus.net)
Date: 10/12/03
- Previous message: Don: "Login audit... now what?"
- In reply to: NomadPgmr: "Anyone hear of ANSA (Asp.Net Security Analyser)??"
- Next in thread: System Knight: "Re: Anyone hear of ANSA (Asp.Net Security Analyser)??"
Date: 11 Oct 2003 17:38:22 -0700
Hello Nomad
The company that sent that email was DDPlus (www.ddplus.net), of which I
am the managing director. We are a London-based security company (as you
can see from our website) and the objective of that email was to ask
you (as an ISP) if your servers that provide Asp.Net shared hosting
are secure.
Just to clarify, ANSA (Asp.Net Security Analyser) is not a 'commercial
application' or a 'home made DLL'. ANSA is a web based tool, written
in C# and VB.NET, and only contains .aspx pages (i.e. Asp.Net code).
The idea is for you (as an ISP) to 'execute' those scripts in a
normal user account, with the same environment as all your normal
hosting clients.
This is the equivalent of us ordering and paying for a hosting
account, or the equivalent of any of your existing clients downloading
the security tool from its public workspace in GotDotNet
(http://www.gotdotnet.com/Community/Workspaces/workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5)
and uploading it to their area.
Since the scripts will be executed with the rights and security
settings that you currently give to your web hosting clients, its
results will tell us if your servers are secure or not.
The second point that I want to clarify is that ANSA is an Open Source
application, which means that you can look at the source code and see
what is going on.
Finally the reason that we are looking for ISPs that have secure
servers is because we want to recommend 'secure shared hosting'
companies to our clients.
You can also contact me directly if you require any further
information.
Best regards
Dinis Cruz
.Net Security Consultant
DDPlus (www.ddplus.net)
"NomadPgmr" <nomadpgmr@hotmail.com> wrote in message news:<SLshb.254728$mp.178119@rwcrnsc51.ops.asp.att.net>...
> I work for a web hosting company and recently received an email from someone
> interested in secure hosting. They asked me to run the following scripts on
> one of our web servers, saying they would only host with a company whose
> server passed all of these tests. I have not done so and if we were even
> tempted to do so, would only do it on an isolated server that we formatted
> the hard drives on afterwards. We don't even like to run some commercial
> applications or home made DLL's, so no reason to start now. Has anyone heard
> about these scripts or gotten a similar email?
>
> Body of email follows:
> Thanks,
> Roger
>
> Hello, I am interested in your Asp.Net hosting services and would like to
> know more details about its security.
>
> I work for a security company (***********) and we need to find a secure ISP
> to host some of our client's websites (particularly this one:
> **************)
>
> We also want to start offering our own ******* branded packages in our
> website.
>
> We will be reselling 'Secure Asp.Net' hosting packages using servers/ISPs
> that successfully 'fail' all ANSA (Asp.Net Security Analyser) security
> tests.
>
> So, please download the latest version of ANSA from GotDotNet
> (http://www.gotdotnet.com/Community/Workspaces/workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5)
> and if your servers are securely configured (i.e.
> there is no 'high' or 'critical' and only some 'medium' classification
> results) send me details about your reseller hosting packages.