Chapter 6. Assessing Web Servers

This chapter covers web server assessment. Web servers are very common and, because they are publicly exposed, require a high level of security assurance. Here I discuss the techniques and tools used to test accessible HTTP and HTTPS services, along with their enabled components and subsystems. Testing of custom web applications and scripts that run on top of accessible web servers is covered in the next chapter.

Web Servers

Assessment of various web servers and subsystems could fill a book of its own. Web services are presented over HTTP and SSL-wrapped HTTPS, which run by default on TCP ports 80 and 443, respectively.

Comprehensive testing of web services involves the following steps:

  1. Fingerprinting the web server

  2. Identifying and assessing reverse proxy mechanisms

  3. Enumerating virtual hosts and web sites running on the web server

  4. Identifying subsystems and enabled components

  5. Investigating known vulnerabilities in the web server and enabled components

  6. Crawling accessible web sites to identify files and directories of interest

  7. Brute-force password grinding against accessible authentication mechanisms

Nowadays, many corporate web sites and applications are presented through reverse proxy layers, so steps 2 and 3 are very important: you will sometimes find that different virtual hosts use different server-side features and subsystems. It is often the case that you must provide a valid HTTP Host: field when connecting to a web server to even fingerprint or query the ...
