List of some interesting testing tools:
BackTrack – Open Source Penetration Test Tool
Burp Suite – Professional Software for web security testing
IBM Rational AppScan – Commercial Web Application Security Scanner
Metasploit – Open Source Penetration Test Tool
Nessus – Freeware Network Security Vulnerability Scanner
Nikto – Open Source Web Site Security Scanner
Paros – Freeware Interception Proxy
soapUI – Web Services Testing Tool
sqlmap – Open Source SQL Injection Tool
WebScarab – Freeware Interception Proxy
WSDigger – Freeware Web Services Scanner
WSFuzzer – Freeware Web Service Scanner
ZAP – OWASP Zed Attack Proxy
OWASP Testing Guide v4
OWASP Top Ten Project
Web application Security Consortium (WASC) – 2008 Web Application Security Statistics
OWASP Developers’ Guide
Server Hardening Tips & Tricks:
Found it on the net but let’s make it better. Post your COMMENTS!
Is that really all ?
Every server security conscious organization will have their own methods for maintaining adequate system and network security. Often you will find that server hardening consultants can bring your security efforts up a notch with their specialized expertise.
Some common server hardening tips & tricks include:
– Use Data Encryption for your Communications
– Avoid using insecure protocols that send your information or passwords in plain text.
– Minimize unnecessary software on your servers.
– Disable Unwanted SUID and SGID Binaries
– Keep your operating system up to date, especially security patches.
– Using security extensions is a plus.
– When using Linux, SELinux should be considered. Linux server hardening is a primary focus for the web hosting industry, however in web hosting SELinux is probably not a good option as it often causes issues when the server is used for web hosting purposes.
– User Accounts should have very strong passwords
– Change passwords on a regular basis and do not reuse them
– Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system.
– Do not permit empty passwords.
– SSH Hardening
— Change the port from default to a non standard one
— Disable direct root logins. Switch to root from a lower level account only when necessary.
– Unnecessary services should be disabled. Disable all instances of IRC – BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink.
– Securing /tmp /var/tmp /dev/shm
– Hide BIND DNS Sever Version and Apache version
– Hardening sysctl.conf
– Server hardenining by installing Root Kit Hunter and ChrootKit hunter.
– Minimize open network ports to be only what is needed for your specific circumstances.
– Configure the system firewall (Iptables) or get a software installed like CSF or APF. Proper setup of a firewall itself can prevent many attacks.
– Consider also using a hardware firewall
– Separate partitions in ways that make your system more secure.
– Disable unwanted binaries
– Maintain server logs; mirror logs to a separate log server
– Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server.
– Use brute force and intrusion detection systems
– Install Linux Socket Monitor – Detects/alerts when new sockets are created on your system, often revealing hacker activity
– Install Mod_security as Webserver Hardening
– Hardening the Php installation
– Limit user accounts to accessing only what they need. Increased access should only be on an as-needed basis.
– Maintain proper backups
– Don’t forget about physical server security
It’s so good that i just need to recommended it.
Interested in getting a job in security industry? This is the place to start
Learn Web Penetration Testing: The Right Way.
PentesterLab is an easy and great way to learn penetration testing.
PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities.
Bootcamp provides a learning path to get into security and especially web penetration testing.
This course is a list of things to read and do, no solutions are provided since it is, in my opinion, the best and only way to learn. If you don’t manage to get one of the items done, just try harder, spend more time googling and find the solution. Finding something by yourself is the best way to learn.
Please find some basic info about the security threats. This is only the basic and most common info so I am sure there is more!
Attacker Ability Threat
Eavesdropper Intercept messages Read contents of message
Intruder Compromised host Tamper with contents of message
Impersonator Remote social engineering Trick party into giving information
Extortionist Remote / botnet Disrupt network services
Hope you enjoy it.
Do you won’t more? Post it in comments are I will try to add due to course.