The list of successful attacks through web servers is long. First, attackers can reach operating system resources through vulnerabilities that should never be exposed to the outside world. Second, admins make faulty settings or errors when setting up their web servers (e.g., configuring aliases and allowing directory listings) or when securing certain areas and functions. Third, especially in dynamic web applications, scripting language interpreters or application servers are allowed to run in the background, which itself causes security problems or lets insecure scripts or programs execute.

If you are responsible for the security of your corporate infrastructure, you probably have an overview of the web servers that are accessible from the Internet. Ideally, you will operate these servers in dedicated areas of your demilitarized zone (DMZ network) and deploy web application firewalls to prevent attacks wherever possible. Nikto [1] lets you check the web server, its configuration, and the stored content, and it generates a detailed report that helps you support the people responsible for further hardening. Nikto is written in Perl and has been under development since 2001. Unlike many other security products from that time, however, Nikto is still under active development today. Even though the last version tagged as stable dates back to 2015, you can always retrieve the latest Perl script from the Git repository on GitHub. To prepare the tests, first clone the Git repository with the command:

git clone https://github.com/sullo/nikto.git
This article appears in the ADMIN #74: Software-Defined Networking issue of ADMIN Network & Security.