NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS
Tool | Capability | Web Site | Linux/Unix | Win32 | Cost

Tool: Nessus
Description: Nessus is a freeware network-based vulnerability-scanning tool that identifies security holes on network hosts.

Tool: Retina
Capability: Vulnerability scanner
Web Site: http://www.eeye.com/
Cost: $$$
Description: Retina is a general-purpose network security scanner that identifies a large number of Web server vulnerabilities.

Tool: SAINT
Capability: Vulnerability scanner
Web Site: http://www.saintcorporation.com/
Cost: $$$
Description: SAINT is a network-based vulnerability-scanning tool that identifies security holes on network hosts.

Tool: SARA
Capability: Vulnerability scanner
Web Site: http://www-arc.com/sara/
Cost: Free
Description: SARA is a freeware network-based vulnerability-scanning tool that identifies security holes on network hosts.

$$$ = This product involves a fee.
Web Application Scanning Tools

Tool | Capability | Web Site | Linux/Unix | Win32 | Cost

Tool: Acunetix
Capability: Web vulnerability scanner
Web Site: http://www.acunetix.com/
Cost: $$$
Description: Acunetix Web vulnerability scanner is a Web application vulnerability scanner.

Tool: AppScan
Capability: Web vulnerability scanner
Web Site: http://www.watchfire.com/
Cost: $$$
Description: AppScan is a Web application vulnerability scanner.

Tool: Nikto
Capability: Common Gateway Interface (CGI) vulnerability scanner
Web Site: http://www.cirt.net/code/nikto.shtml
Cost: Free
Description: Nikto is a scanner that identifies vulnerabilities in CGI scripts.

Tool: Paros
Capability: Web proxy for security testing Web applications
Web Site: http://www.parosproxy.org/index.shtml
Cost: Free
Description: Paros allows for the interception and modification of all Hypertext Transfer Protocol (HTTP) and Secure Hypertext Transfer Protocol (HTTPS) data between server and client, including cookies and form fields, and allows for the testing of Web application security.

Tool: SiteDigger
Capability: A Web vulnerability scanner that looks at Google’s data on your site
Web Site: http://www.foundstone.com/us/resources/proddesc/sitedigger.htm
Cost: Free
Description: SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on Web sites.

Tool: SSLDigger
Capability: SSL cipher interrogator
Web Site: http://www.foundstone.com/us/resources/proddesc/ssldigger.htm
Cost: Free
C-2