httpd-users mailing list archives

From Aman Raheja <arah...@techquotes.com>
Subject Re: [users@httpd] recommendations for checking website security holes?
Date Sun, 27 Mar 2005 00:45:25 GMT
2.0.53 is indeed the latest version, with fixes for known vulnerabilities.
The security depends on what you are using. So you might want to check,
for each module that is enabled, what security threats you might face. For
example, if you have CGI enabled, it depends a lot on the programmers to
ensure security, since the programs might be prone to buffer overflows.
You might want to check for cross-site scripting and other known web
security issues. I would start by searching Google with keywords like web
security, Apache security, and the like to find more info.
Apache docs also have security info: 
http://httpd.apache.org/docs-2.0/misc/security_tips.html
HTH
- Aman Raheja

Pete Eakle wrote:

>Sorry, I forgot to mention this.  We will be running on Fedora Linux,
>Core 2, and Apache 2.0.53.  I believe we installed the latest Apache,
>so I don't know if the 'updates in place' issue will apply to us yet.
>
>    -Pete
>
>On Sat, 26 Mar 2005 14:35:22 -0800, Steven Pierce
><pagedev1@speakeasy.net> wrote:
>  
>
>>Good Evening,
>>
>>One of the items that you should list is the O/S.  If you are using Windows then you would
>>have issues that you might not have with Linux.  I would assume that you are using
>>a form of Unix (Linux, BSD, Sun, Etc).  Also what version of Apache are you using,
>>and do you have all the updates in place??
>>
>>Sorry if this seems basic, but it would give the security guys a little more to
>>go on.
>>
>>*********** REPLY SEPARATOR  ***********
>>
>>On 3/26/2005 at 1:21 PM Pete Eakle wrote:
>>
>>    
>>
>>>My company will be announcing a new website soon, and being somewhat
>>>new to this game I am concerned about possible site break-ins.  I
>>>worry that, despite our best efforts, we may still have a
>>>vulnerability somewhere that we will find out about the hard way.  I
>>>was wondering if people could suggest which vulnerabilities are most
>>>likely to be exploited, or possibly suggest an article, service or
>>>tool, etc. that I could use to test out our site for vulnerabilities?
>>>
>>>Thanks a lot.
>>>
>>>   -Pete
>>>
>>>PS: the site will be Apache based and use Tomcat for the dynamic parts.
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>>
>>>--
>>>No virus found in this incoming message.
>>>Checked by AVG Anti-Virus.
>>>Version: 7.0.308 / Virus Database: 266.8.3 - Release Date: 3/25/2005
>>>      
>>>

-- 

Regards
Aman Raheja
http://www.techquotes.com


