One of the questions most frequently put to a security officer is: "Is this web site secure?"
While a proper answer can be obtained only through a full-blown penetration test, there is a quick approach which will yield a very good "feel" for the site's security.
In order to obtain relevant results from this quick approach, you need to assess the web site from the following aspects:
- Overall server weaknesses
- Web server weaknesses
- Web site/application weaknesses
To achieve the quick solution, one must use the proper tools of the trade. Luckily, the tools for the quick approach are free and very efficient:
- Nessus - For server weaknesses assessment
- Paros - For web server weaknesses assessment
- Ratproxy - For web site/application weaknesses assessment
If the target is not owned by your company, be sure to obtain consent from the owners before scanning. Use the tools in the sequence in which they are presented:
- Nessus - For server weaknesses assessment - Choose the default scan and, if possible, enable the disruptive checks and let it rip. It generates an HTML report as it scans the target.
- Paros - For web server weaknesses assessment - Paros functions as a proxy. Once you run it, reconfigure your browser to use a proxy and select localhost at port 8080 as the proxy. This will send all requests through Paros and let it capture the site. Make sure you visit only the target site. After this, choose Analyze -> Spider, and then Analyze -> Scan. After the scan is finished, choose Report -> Last Scan Report to get the HTML report.
- Ratproxy - For web site/application weaknesses assessment - Functions much like Paros. Once you run it, reconfigure your browser to use a proxy and select localhost at port 8080 as the proxy. This will send all requests through Ratproxy. Make sure you follow every possible link and use every possible function of the site, since Ratproxy only analyzes the traffic it actually sees. Once you are finished, parse the report output through the parser to get the HTML report.
When you have completed this process, check whether the web server hosts other sites. If it does, use Ratproxy on as many of them as you can, to assess the risk to your own site from attacks delivered through those neighbouring sites.
Talkback and comments are most welcome.