WebApp Sec mailing list archives
Re: Web Application Fingerprinter
From: Mike Ramirez <gufymike () gmail com>
Date: Thu, 20 Jan 2011 12:37:33 -0800
On Thursday, January 20, 2011 07:01:42 am elton Sheffield wrote:
Hi Thanks for the reply. Sorry I didn't make myself clear at all. I mean to say that I need to know which apps my users, in my environment are using, so that I can address any issues with unpatched services etc.
In this case you should be offering a control panel system like cPanel/Plesk (These were the popular ones when I ran a host service) or a custom job that monitors and records this information to a db and notifies usesrs of updates when a new version is released. This gives the users a one click solution to installing/updating the install. Though of course it doesn't help with users who install custom installs and their own homebrewed solutions (your scanner won't catch these also). In these cases, you're still at their mercy, but for added protection, you should be using mod_security with apache to help defend against random attacks. Offering a control panel solution does minimize the custom installs and homebrewed solutions as users find it easier to just use the cp. As for an actual scanner that works the way you want, I don't have one in mind, sorry. Mike This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- RE: Web Application Fingerprinter, (continued)
- Message not available
- RE: Web Application Fingerprinter elton Sheffield (Jan 20)
- Re: Web Application Fingerprinter Nikhil Wagholikar (Jan 23)
- Message not available
- Re: Web Application Fingerprinter Bugtrace (Jan 20)
- Re: Web Application Fingerprinter Ryan Dewhurst (Jan 20)
- Re: Web Application Fingerprinter xtrainet aja (Jan 20)
- Re: Web Application Fingerprinter xtrainet aja (Jan 20)
- Re: Web Application Fingerprinter Robin Wood (Jan 20)
- RE: Web Application Fingerprinter vedantamsekhar () gmail com (Jan 20)
- Re: Web Application Fingerprinter Utsav (Jan 20)
- Re: Web Application Fingerprinter BugTraq (Jan 23)
- Re: Web Application Fingerprinter Utsav (Jan 20)
- Re: Web Application Fingerprinter Mike Ramirez (Jan 20)