In this chapter, we discussed the process of assessing servers. We started off the chapter by looking at the common protocols that servers run. We looked at the FTP, e-mail, and SSH. We explored ways to extract information from a server when it is running these services.

Following the exploration of the common protocols, we continued with a look at databases and how we can assess them. We looked at MySQL, MSSQL, and Oracle. We discovered that the latest versions of these have more protections in place, and as such, it takes some effort to extract information when the database is configured with security in mind.

Finally, we closed the chapter and looked at different server operating systems and information that can be obtained based on the platform that we have discovered. The newer the platform we encounter, the bigger the challenge we face with respect to testing.

This concludes the chapter. In the next chapter, we will look at the more common vector that we have for attacks since the vendors have improved their security, which is the client-side attack vector.