Re: Site Security Scan

From: C Colon (foobar_at_asia.com)
Date: 04/06/04


Date: 6 Apr 2004 06:51:28 -0700

alexr14@yahoo.com (Alex) wrote in message news:<bf675d0a.0404051229.64a6a16a@posting.google.com>...
> Hi,
> I am trying to locate a product that will go to our specified URL and
> check the security on it. This product should locate any holes or
> breaches of security that it could find. We would like to get a
> certificate of some sort at the end to show our clients that our site
> is indeed secure, besides just getting SSL, which we already have.
>
> Please recommend as many products as you know so that I can compare
> them. Please send your replies to alexr14@yahoo.com
>
> Thanks in advance!

I will split my response into four parts.

A) Remote Products

There are two ways of going about it, and both are needed in
tandem in the case of a web site.

A.1) A remote penetration test attempting to find vulnerabilities that
can be exploited due to your network, O/S, D/B et al. configuration.
Since these are myriad, there are myriad tools out there which can be
used.

A.2) Web application review applications try to find
vulnerabilities in the web application built for the site, and will
require administrative access...

B) On-site reviews

While penetration tests provide a detailed black box approach to
finding vulns, they may not be enough to find all of them. In
that case, an on-site review performed by a security expert with
domain expertise in the technologies that you have deployed should
work.

C) Certification

While generic certificates such as BS7799 might be obtained, no one will provide a
certificate saying your web site is safe!

Hope this helps,

Regards
C:\>
-------------------------------------------
Kindly post replies to the newsgroup itself
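The reply above separates two remote layers: configuration-level findings (A.1) that need no knowledge of the application, and application-level findings (A.2) that depend on how the site handles input. The script below is an added example, not code from the original post or from any product it mentions, that makes the split concrete and also shows why "we already have SSL" settles neither layer. It runs offline against two constructed HTTP responses; the header names, the probe string, the sample server banners and the response bodies are all assumptions made for illustration, not observations about any real site.

```python
"""Minimal illustration of the A.1 / A.2 split described in the post.

Added example, not part of the original post. It runs offline against a
constructed HTTP response; in real use you would feed it a response your
own tooling captured from the target over HTTPS.
"""
import html
import re

# Constructed sample: a raw HTTP/1.1 response as a scanner might record it
# after sending a request whose query string contained SAMPLE_PROBE.
# Server names and versions are made up for the example.
SAMPLE_PROBE = 'zz"<x>'
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.0.1\r\n"
    "X-Powered-By: ExampleEngine/3.1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><body>Results for zz"<x></body></html>'
)

# Constructed sample of the same page after the configuration was tightened
# and the application started HTML-encoding what it echoes back.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Results for zz&quot;&lt;x&gt;</body></html>"
)

# Matches a "/1.2.3"-style version suffix in a product banner.
VERSIONED_BANNER = re.compile(r"/\d+[\w.]*")


def parse_response(raw):
    """Split a raw HTTP response into (status line, headers dict, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def infrastructure_findings(headers):
    """A.1-style checks: configuration issues visible without knowing the app.

    None of these is addressed by having a valid SSL certificate.
    """
    findings = []
    server = headers.get("server", "")
    if VERSIONED_BANNER.search(server):
        findings.append("server banner discloses version: " + server)
    powered = headers.get("x-powered-by")
    if powered:
        findings.append("platform disclosed via X-Powered-By: " + powered)
    if "strict-transport-security" not in headers:
        findings.append("no Strict-Transport-Security header; HTTPS not enforced")
    return findings


def application_findings(body, probe):
    """A.2-style check: does the application echo our probe back unescaped?

    A verbatim reflection of quote and angle-bracket characters is the classic
    sign that the application, not the server, needs fixing. An HTML-encoded
    echo (html.escape form) is treated as handled correctly.
    """
    findings = []
    if probe in body:
        findings.append("probe reflected verbatim in body (possible XSS)")
    elif html.escape(probe, quote=True) in body:
        pass  # echoed, but encoded: the application handled the input
    return findings


def scan(raw_response, probe):
    """Run both layers over one captured response and report them separately."""
    _status, headers, body = parse_response(raw_response)
    return {
        "infrastructure": infrastructure_findings(headers),
        "application": application_findings(body, probe),
    }


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        result = scan(raw, SAMPLE_PROBE)
        print(label)
        for layer, items in result.items():
            print("  %s: %s" % (layer, items or "no findings"))
```

The point of keeping the two lists apart is the same as the reply's: the infrastructure list is what a generic remote scanner can produce for any host, while the application list only means something once the scanner knows which parameters the site reads and what an authenticated user can reach, which is why the reply says that layer needs administrative access.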


