[Owasp-delhi] Tools for Web Server V A

Rahul Shrivastava ra.shrivastava08 at gmail.com
Wed Feb 17 04:53:53 EST 2010


Hi Suresh,

1. Whtat are the free tools / open source tools actually and
practically used for web serv V A ? Qualys Guard and Nessus. They also give
you something like test scans using that you can run a few scans as you like
and this doesn't require paying them till a certain limit.

2. What are the commercial tools used for automated web server V A ? Qualys
Guard and Nessus again. You can configure them to run scan and throw reports
at periodic interval.

3. How a manual web server v a is conducted ? Any checklist and the
practical process. Not much idea about this one. Sorry

4. People can share their web server v a experience. - Well what the report
provides is a lot of information and there may be false positives also.
There generally are, then it will require some research and then talking to
the Asset owners of the Assets where the vulnerability exists. In Qualys
there are two kinds of vulnerability 1. Potential 2. Confirmed.

Hope this all gives you a good idea and helps you moving ahead !!

Regards
Rahul Shrivastava
IT Security Consultant


On Wed, Feb 17, 2010 at 11:40 AM, suresh tiwary <sureshtiwary at rediffmail.com
> wrote:

> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
> <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/[email protected]?>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Regards
Rahul Shrivastava
IT Security Consultant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100217/693f4086/attachment.html 


More information about the Owasp-delhi mailing list