Security Basics mailing list archives
Re: Server Penetration Testing
From: J Teddy <jteddylists () gmail com>
Date: Tue, 27 Sep 2011 10:21:07 +1000
In answer to your question: for exploit frameworks you have Metasploit and Core Impact. For VA scanners you could use Nessus with Nikto, or Nexpose. For web you have IBM Rational AppScan and w3af.

PCI-DSS v2 states, in 11.3: "Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). These penetration tests must include the following: ..."

Organisations I have worked for never allow you to exploit mission/business critical servers. Annual pen-tests for PCI compliance in my experience have just been VA scans for network/server and manual testing for OWASP Top 10 vulnerabilities.

On Sat, Sep 24, 2011 at 6:06 AM, Femi Mogaji <olufemimogaji () gmail com> wrote:
Hi list,

So we just had our annual audit, and one of the findings that came up is server-side pen-tests. We already carry out quarterly ASV scans and a yearly pentest of our external IP addresses; where we fell short was the lack of internal pentests.

The question is: what tools can I use to carry out these tests? Especially tests directed at SQL servers, file servers, etc. A tool that can generate easy-to-read reports would be really nice.

Any input will be appreciated.

Thanks in advance,
Femi

Sent from my BlackBerry® smartphone provided by Airtel Nigeria.