WebApp Sec mailing list archives

Re: Web Application Fingerprinter


From: Mike Ramirez <gufymike () gmail com>
Date: Thu, 20 Jan 2011 12:37:33 -0800

On Thursday, January 20, 2011 07:01:42 am elton Sheffield wrote:
> Hi Thanks for the reply.  Sorry I didn't make myself clear at all.  I mean
> to say that I need to know which apps my users, in my environment are
> using, so that I can address any issues with unpatched services etc.


In this case you should be offering a control panel system like cPanel/Plesk
(These were the popular ones when I ran a host service) or a custom job that
monitors and records this information to a db and notifies users of updates
when a new version is released. This gives the users a one click solution to
installing/updating the install.

Though of course it doesn't help with users who install custom installs and
their own homebrewed solutions (your scanner won't catch these also). In these
cases, you're still at their mercy, but for added protection, you should be
using mod_security with apache to help defend against random attacks. Offering
a control panel solution does minimize the custom installs and homebrewed
solutions as users find it easier to just use the cp.

As for an actual scanner that works the way you want, I don't have one in
mind, sorry.

Mike
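
The "custom job" idea from the message above, as an added example that is not part of the original post: a host-side inventory that walks users' web roots, reads each install's own version file, records it in a database and lists the installs that are behind. The marker files are where WordPress and Drupal 7 keep their version strings; the directory tree, the `latest` table and all function names are constructed for illustration.

```python
import os, re, sqlite3, tempfile

# Marker file (relative to an install root) and the regex that extracts the version.
SIGNATURES = {
    "wordpress": ("wp-includes/version.php", r"\$wp_version\s*=\s*'([^']+)'"),
    "drupal": ("includes/bootstrap.inc", r"define\('VERSION',\s*'([^']+)'\)"),
}

def vtuple(v):
    return tuple(int(p) for p in re.findall(r"\d+", v))  # '3.0.4' -> (3, 0, 4)

def scan(base, db):
    """Walk every directory under base and record each recognised install."""
    db.execute("CREATE TABLE IF NOT EXISTS installs(path TEXT PRIMARY KEY, app TEXT, version TEXT)")
    for root, _dirs, _files in os.walk(base):
        for app, (marker, pattern) in SIGNATURES.items():
            path = os.path.join(root, marker)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                m = re.search(pattern, fh.read())
            if m:
                db.execute("INSERT OR REPLACE INTO installs VALUES (?,?,?)", (root, app, m.group(1)))
    db.commit()

def outdated(db, latest):
    rows = db.execute("SELECT path, app, version FROM installs ORDER BY path").fetchall()
    return [(p, a, v) for p, a, v in rows if vtuple(v) < vtuple(latest[a])]

def demo():
    """Build a constructed two-user tree, scan it, return installs needing a notice."""
    latest = {"wordpress": "3.0.4", "drupal": "7.0"}  # constructed "current release" table
    with tempfile.TemporaryDirectory() as base:
        samples = {
            "alice/public_html/blog/wp-includes/version.php": "<?php\n$wp_version = '2.9.2';\n",
            "bob/public_html/wp-includes/version.php": "<?php\n$wp_version = '3.0.4';\n",
            "bob/public_html/cms/includes/bootstrap.inc": "<?php\ndefine('VERSION', '7.0');\n",
        }
        for rel, body in samples.items():
            full = os.path.join(base, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        db = sqlite3.connect(":memory:")
        scan(base, db)
        return [(os.path.relpath(p, base), a, v) for p, a, v in outdated(db, latest)]

if __name__ == "__main__":
    print(demo())
```

As the message notes, this only finds software that ships a recognisable version file; custom and homebrewed installs will not appear in the inventory.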


