Security

Ask Slashdot: Do-It-Yourself Security Auditing Tools?

An anonymous reader writes "I'm a 'prosumer' website builder, have a few sites that are mainly hobbies, but I would like to know that they're at least fairly robust. I'm thinking of the equivalent of a 'dental clinic' — where someone interested in the white hat security field might be willing to take on an audit for the experience and to build a resume. Or, tools such as websites that let you put in a password and see how long it takes to crack it. Or sites where you can put in a URL and it gets poked and prodded by a number of different cracker tools and a 'score' is given. Ideally with suggestions on how to improve. Does anything like that exist? I'm not talking FBI/CIA level security, but just common-sense basics. I've tried to use techniques that improve security, but I don't know how well they work. And I've realized that in the ever growing, fast changing field of computers I'm not going to ever get the knowledge I need to do this myself. I know there are software suites that allow you to sniff and test things on your own, but I'm afraid it's overwhelmingly foreign to me and I just feel like I can't reliably do this myself. Any ideas?"

  • What's the point? (Score:5, Informative)

    by Splab ( 574204 ) on Tuesday March 26, 2013 @12:53PM (#43282397)

    What's the point of a "basic" security check?

    But a quick search for Metasploit should get you going, perhaps add a Nessus scan and go watch some Def Con presentations on SQL injection and penetration testing; http://www.youtube.com/user/ChRiStIaAn008 is a good place to start.

  • by Anonymous Coward on Tuesday March 26, 2013 @12:57PM (#43282453)

    There are plenty of web vulnerability scanners that you could use, some point-and-click and requiring no experience, others requiring prior knowledge.

    http://sectools.org/tag/web-scanners/

  • Read ArsTechnica (Score:2, Informative)

    by Anonymous Coward on Tuesday March 26, 2013 @01:00PM (#43282483)

    Two articles on Ars Technica recently covered booters (paid services to attack your sites using a large set of vectors), and password cracking for script kiddies.
    Here they are:
    http://arstechnica.com/security/2013/03/details-on-the-denial-of-service-attack-that-targeted-ars-technica/
    http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/

    That should give you a first hint...

  • OWASP (Score:3, Informative)

    by Anonymous Coward on Tuesday March 26, 2013 @01:01PM (#43282487)

    Posting as AC because for some annoying reason Slashdot won't let me log in right now...

    https://www.owasp.org/index.php/Web_Application_Penetration_Testing

  • Kali Linux (Score:5, Informative)

    by Jane Q. Public ( 1010737 ) on Tuesday March 26, 2013 @01:21PM (#43282693)
    This suite of tools used to go under the name of "BackTrack", most recently BackTrack 5. It has now been named Kali Linux.

    This is a full-blown Linux distro with all the security tools you are ever likely to need. Metasploit? It's there. Nessus? It's there. The actual list of tools is huge.

    Kali won't teach you everything about using the tools (though there are good instructions available online). But it does offer all you could want in one package.
