Security tool to check CGI scripts for security holes/vulnerabilities - Linux / Unix Administration

  1. #1

    Security tool to check CGI scripts for security holes/vulnerabilities

    I'm searching for a good security tool that I can use regularly to
    scan all the programs/scripts in my web server's cgi-bin directory to
    identify code that is creating security holes/vulnerabilities on the
    server? Does such a thing exist??? Our web server is Apache 1.3.27 on
    RH Linux 7.3.

    Any pointers would be appreciated.
    Trent Rivers Guest

  2. #2

    Re: Security tool to check CGI scripts for security holes/vulnerabilities

    In article <5d170c0c.0311201106.4e78f59posting.google.com> ,
    Trent Rivers wrote:
    >I'm searching for a good security tool that I can use regularly to
    >scan all the programs/scripts in my web server's cgi-bin directory to
    >identify code that is creating security holes/vulnerabilities on the
    >server? Does such a thing exist??? Our web server is Apache 1.3.27 on
    >RH Linux 7.3.
    I've done some Perl stuff that looks for the likes of system() in its
    one-argument form and open() with pipes. And lack of tainting on the #! line.
    That was in the context of checks on the webserver too - httpd.conf writable
    by non-root, files writable by the webserver child process user etc.

    None of that was rocket science but as it is work I can't publish just
    like that.

    In fact the hardest part (which I still haven't clobbered) is figuring out
    which of the 100 or so httpd.conf files on a box (I have a user population
    requiring tomato bombardment) are actually in use. I thought of making
    apache log details like that (files used, arguments used) to syslog so that
    I can establish from that what's in use. I still haven't got round to
    trying that mod.

    I'm in favour of checking the code manually before it gets in place
    but a regular automated check is nice too.

    --
    I was less than impressed when one of my staff last year suggested
    tunneling ftp through ssh. -- Evpuneq Erivf
    all mail refused Guest
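
The checks described in post #2 (one-argument system(), open() with pipes, no taint flag on the #! line, httpd.conf writable by non-root), sketched as an added example; this is not the poster's unpublished code. The sample script, the function names and the regex heuristics are assumptions made for illustration.

```python
import re
import stat

# Constructed sample CGI script (not from the thread) to exercise the checks.
SAMPLE = '''#!/usr/bin/perl -w
use CGI;
my $q = CGI->new;
my ($host, $to) = ($q->param('host'), $q->param('to'));
system("ping -c 1 $host");
system("/bin/ping", "-c", "1", $host);
open(MAIL, "| /usr/sbin/sendmail $to");
open(LOG, ">>/var/log/app.log");
'''

STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
CALL = {name: re.compile(r'\b%s\b\s*\(?\s*([^;]*)' % name) for name in ("system", "open")}

def strip_comment(line):
    """Cut a trailing # comment, ignoring '#' inside string literals (heuristic)."""
    masked = STRING.sub(lambda m: "_" * len(m.group()), line)
    return line[:masked.find("#")] if "#" in masked else line

def is_pipe(literal):
    """True for '| cmd', 'cmd |', '-|' and '|-' mode strings."""
    inner = literal[1:-1].strip()
    return inner.startswith("|") or inner.endswith("|")

def scan_perl(source):
    """Return (line_number, finding) pairs for the three script checks in post #2."""
    findings, lines = [], source.splitlines()
    first = lines[0] if lines else ""
    if first.startswith("#!") and "perl" in first:
        flags = "".join(w[1:] for w in first.split()[1:] if w.startswith("-"))
        if "T" not in flags:
            findings.append((1, "no -T (taint mode) on #! line"))
    for n, raw in enumerate(lines[1:], start=2):
        code = strip_comment(raw)
        m = CALL["system"].search(code)
        # List-form system() has a top-level comma; the one-argument form does not.
        if m and "," not in STRING.sub("", m.group(1)):
            findings.append((n, "system() in one-argument form"))
        m = CALL["open"].search(code)
        if m and any(is_pipe(s) for s in STRING.findall(m.group(1))):
            findings.append((n, "open() with a pipe"))
    return findings

def writable_by_non_root(st_uid, st_mode):
    """httpd.conf check: owner is not root, or group/other have write permission."""
    return st_uid != 0 or bool(st_mode & (stat.S_IWGRP | stat.S_IWOTH))
```

Pass `os.stat(path).st_uid` and `.st_mode` to `writable_by_non_root` for each configuration file; the regexes are line-based heuristics and findings still need a manual read of the code.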

  3. #3

    Re: Security tool to check CGI scripts for security holes/vulnerabilities

    matahnuva (Trent Rivers) writes:
    > I'm searching for a good security tool that I can use regularly to
    > scan all the programs/scripts in my web server's cgi-bin directory to
    > identify code that is creating security holes/vulnerabilities on the
    > server? Does such a thing exist??? Our web server is Apache 1.3.27 on
    > RH Linux 7.3.
    >
    > Any pointers would be appreciated.
    There's a "useful testing tools" section on this page that you'll be
    interested in.
    http://www.securityfocus.com/infocus/1722

    --
    Todd H.
    http://www.toddh.net/
    Todd H. Guest

  4. #4

    Re: Security tool to check CGI scripts for security holes/vulnerabilities

    "Todd H." wrote:
    >
    > matahnuva (Trent Rivers) writes:
    > > I'm searching for a good security tool that I can use regularly to
    > > scan all the programs/scripts in my web server's cgi-bin directory to
    > > identify code that is creating security holes/vulnerabilities on the
    > > server? Does such a thing exist??? Our web server is Apache 1.3.27 on
    > > RH Linux 7.3.
    > >
    > > Any pointers would be appreciated.
    >
    > There's a "useful testing tools" section on this page that you'll be
    > interested in.
    > http://www.securityfocus.com/infocus/1722
    >
    > --
    > Todd H.
    > http://www.toddh.net/
    Another source of information:
    http://www.linuxjournal.com//article.php?sid=5673

    -- Lassi
    Lassi Hippeläinen Guest
