HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 23 guests online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Process of checking security of a website
Ethical Hacker Community Forums
December 02, 2008, 06:20:48 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Process of checking security of a website  (Read 1952 times)
0 Members and 1 Guest are viewing this topic.
Kai
Newbie
*
Offline Offline

Posts: 4


View Profile
« on: September 22, 2006, 02:41:14 AM »
Can anyone can show me all steps to check security of one website. Thanks!
Logged
ryan
Newbie
*
Offline Offline

Posts: 20



View Profile WWW
« Reply #1 on: September 22, 2006, 12:26:10 PM »
Not really.

Checking the security of a website could technically be done based on a set of sequential instructions, but you'd either be missing something, or checking way more than is necessary.

security auditing is a lot of instinct and experience and deep understanding of technologies. Not a checklist.

Once you start learning tho, here's some tools that might help you with web app pen testing:

*shameless plug* http://yaisb.blogspot.com/2006/08/new-bookmarklets.html
Logged
http://yaisb.blogspot.com
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 365



View Profile WWW
« Reply #2 on: November 14, 2006, 09:23:11 AM »
I would also say experience is a big part but I always start with getting information on the site. I guess you can call it reconnaissance, Google and Whois are very good places to start. Once you have an idea of your target you need to know what you plan on accomplishing. Like are you just checking to see what ports or services are open? Are you looking for common exploits? A lot of checking security is having goals and targeted ideas of what you want to check on. If you are just trying to see is basic services are open via ports then you could use Nmap or maybe X-Scan. To take that on step further you can use Retina, X-scan, or Metasploit Framework. There are tons of tools and techniques to test access. A lot of experience auditor do not share there techniques as this is how they make there living. I would say if you have a question on a cretin way of checking for this or that your post will get a better response. Well this is just me 2 cents.

Thanks,

Slimjim100
Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.032 seconds with 22 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.