
Process of checking security of a website

<<

Kai

Newbie

Posts: 4

Joined: Sun Aug 20, 2006 3:13 am

Post Fri Sep 22, 2006 2:41 am

Process of checking security of a website

Can anyone show me all the steps to check the security of a website? Thanks!
<<

ryan.cartner

Newbie

Posts: 20

Joined: Tue Aug 15, 2006 12:26 pm

Post Fri Sep 22, 2006 12:26 pm

Re: Process of checking security of a website

Not really.

Checking the security of a website could technically be done based on a set of sequential instructions, but you'd either be missing something, or checking way more than is necessary.

Security auditing is a lot of instinct and experience and deep understanding of technologies. Not a checklist.

Once you start learning tho, here's some tools that might help you with web app pen testing:

*shameless plug* http://yaisb.blogspot.com/2006/08/new-bookmarklets.html
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Nov 14, 2006 10:23 am

Re: Process of checking security of a website

I would also say experience is a big part, but I always start with getting information on the site. I guess you can call it reconnaissance; Google and Whois are very good places to start. Once you have an idea of your target you need to know what you plan on accomplishing. Like, are you just checking to see what ports or services are open? Are you looking for common exploits? A lot of checking security is having goals and targeted ideas of what you want to check on. If you are just trying to see if basic services are open via ports then you could use Nmap or maybe X-Scan. To take that one step further you can use Retina, X-Scan, or Metasploit Framework. There are tons of tools and techniques to test access. A lot of experienced auditors do not share their techniques as this is how they make their living. I would say if you have a question on a certain way of checking for this or that, your post will get a better response. Well, this is just my 2 cents.

Thanks,

Slimjim100
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
