Free Website security checker?

zacharius

Hi all,

Ive set up a webserver over my broadband at home and would like to know if anyone knows of any free security checker tool that may be out there. Many of the advertised 'free' ones might do an audit for you but you pay for details on how to fix vulnerabilities etc.

I'd be surprised if there is one but hope someone can produce the goods!

Thanks in advance

Serbian

I don't know of any security checkers myself, but just in case you aren't already aware, many of the Irish broadband providers have a clause in their contract that specifically prohibit hosting a server.

Having said that, if you only have port 80 open, you are probably physically secure, you just have to make sure your coding is secure!

DonkeyStyle \o/

...and keep the webserver software up to date.
Maybe also run it using a limited account... I think linux runs webservers as 'nobody' or some such.

*waits for steve365 to post about how hosting yourself is a false economy*

vito

Well one thing you could do is browse to https://grc.com/x/ne.dll?bh0bkyd2 from the server itself and that site will scan all your ports to look for venerabilities.

This will help you secure your ports, but the main problem you are going to have is insecure scripts.

It really depends on what you're running. I would definitely check all your scripts for sql injection vunerabilities if you run sql DB's. Google sql injections and you should find some pretty good overviews of ow the injection works and how to test your own scripts for this.