Uncovering Hidden Dangers Through Vulnerability Scanning

The server your site lives on is a very dynamic device, and the software on it ages. As this aging process happens, vulnerabilities might be discovered, new exploits might be written to attack it, or you may simply discover bugs in the code.

All these issues can add up to hidden dangers in your site. Many tools are available to the administrator (and to the hackers) to help identify vulnerabilities. Following are some of the tools you may want to become familiar with.

image Be sure you have permission of the owner of the server before using any of these tools.

  • MetaSploit (http://www.metasploit.com) is one of the most popular and most powerful tools available. This open source tool is used by penetration testers, who are security professionals hired to break into sites or discover weaknesses.
  • Nikto2 (http://cirt.net/nikto2) is a web scanner that looks for weaknesses, outdated files, known vulnerabilities, and more. This is a quick and “noisy” tool. In other words, it's not stealthy, but is powerful.
  • Acunetix (http://www.acunetix.com) is a commercial vulnerability scanner that checks the applications on your site for Cross-Site Scripting (XSS) errors. It checks for legal compliance, makes comparisons against the Google Hacking Database, tests for password-protected areas, and more.
  • BURP (http://portswigger.net) offers a free and ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.