[WEB SECURITY] Web protection

madunix madunix at gmail.com
Sun Aug 23 03:28:22 EDT 2009


Dear All,

I am running a web server, http://www.mywebsite.com, using Fedora, Apache,
PHP, MySQL and OpenWebMail. Our application was developed internally by
our development team. The server has the following ports open
(443, 80, 21, 22), and as administrator of the servers I have the
following questions:

General questions:
1- How would you test if the web server is vulnerable?
2- How to avoid SQL injection and XSS, as a matter of preventing
bad users from launching attacks?
3- Is it possible to retrieve any data from the web server, like listing
directories and viewing files, with Google's help?
4- Can an attacker bypass the login page without providing a valid user and
password, since I created a login area http://www.mywebsite.com/admin
with login/password to admin the web?

I would appreciate it if I could get answers/documents/links about the above.

Thanks
-mu
