CHAPTER 10 Performing a Website Vulnerability and Security Assessment
SECURITY TESTING is an absolute requirement for web servers and web applications. When you are performing web application security assessments, multiple components must be considered to adequately identify and remedy risks. Many tools, both freeware and commercial, are also available to perform security and vulnerability testing. The most accurate method will involve using multiple programs and manual techniques. In addition to selecting and using the right tools, it is equally important to plan the security assessment properly.
Some of the techniques and utilities mentioned in this chapter may be interpreted by systems administrators or security monitoring systems as intrusive or hostile. The techniques and utilities may also require administrator or root-level access to the system to successfully run or give the most accurate results. Be sure to have appropriate authority or permission as well as the necessary access to the system prior to performing any type of vulnerability or security assessment on a system.
