CHECK YOUR WEB SERVER FOR VULNERABILITIES
These days, there are unfortunately far too many people who would
love to bring down your organization's Web servers, either directly
or indirectly. If your company is serious about Web server security
and availability--and you should be--you should consider all options
available to help you not only monitor servers for intrusion but also
analyze them for vulnerabilities.
Would-be intruders focus a large majority of their attack attempts
on known vulnerabilities. Therefore, you can significantly improve
server security by identifying and closing these vulnerabilities.
Here are a couple of tools that will help you do just that: SiteDigger
and SSLDigger. Both tools are available from Foundstone, a division
SiteDigger uses a special search syntax to search Google's cache to
identify potential vulnerabilities, errors, configuration issues,
proprietary information, and details of other potential security
problems with the domain that you specify. Of course, that means Google
must have already crawled the specifieddomain, and it must exist within
SSLDigger tests the server for potential security risks associated
with SSL. It assesses the strength of SSL servers by testing the ciphers
For more information, check out the SiteDigger and SSLDigger Web pages
on Foundstone's Web site.