HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 51 guests and 3 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Process of checking security of a website
EH-Net
May 24, 2013, 07:19:24 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Process of checking security of a website  (Read 4253 times)
0 Members and 1 Guest are viewing this topic.
Kai
Newbie
*
Offline Offline

Posts: 4


View Profile
« on: September 22, 2006, 02:41:14 AM »
Can anyone can show me all steps to check security of one website. Thanks!
Logged
ryan
Newbie
*
Offline Offline

Posts: 20



View Profile WWW
« Reply #1 on: September 22, 2006, 12:26:10 PM »
Not really.

Checking the security of a website could technically be done based on a set of sequential instructions, but you'd either be missing something, or checking way more than is necessary.

security auditing is a lot of instinct and experience and deep understanding of technologies. Not a checklist.

Once you start learning tho, here's some tools that might help you with web app pen testing:

*shameless plug* http://yaisb.blogspot.com/2006/08/new-bookmarklets.html
Logged
http://yaisb.blogspot.com
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 385



View Profile WWW
« Reply #2 on: November 14, 2006, 09:23:11 AM »
I would also say experience is a big part but I always start with getting information on the site. I guess you can call it reconnaissance, Google and Whois are very good places to start. Once you have an idea of your target you need to know what you plan on accomplishing. Like are you just checking to see what ports or services are open? Are you looking for common exploits? A lot of checking security is having goals and targeted ideas of what you want to check on. If you are just trying to see is basic services are open via ports then you could use Nmap or maybe X-Scan. To take that on step further you can use Retina, X-scan, or Metasploit Framework. There are tons of tools and techniques to test access. A lot of experience auditor do not share there techniques as this is how they make there living. I would say if you have a question on a cretin way of checking for this or that your post will get a better response. Well this is just me 2 cents.

Thanks,

Slimjim100
Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.098 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.