2008
Jun
03

Web security resources

Tags: Web security

Commonly needed Unix commands

  • List open ports: “lsof -i”
  • Established connection “netstat -vatn”

ModSecurity

ModSecurity™is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. WAFs are deployed to establish an external security layer that increases security, detects and prevents attacks before they reach web applications. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

Five-Minutes to a More Secure SSH

A quick way to drastically improve the security of your OpenSSH server installations.

APF

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.

Installation Guide: How to install APF (Advanced Policy Firewall)

ConfigServer Security & Firewall (csf)

A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.

Ratproxy

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

 
close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus


All rights reserved. © Copyright 2008 MikkoLehtinen.com