CHECK YOUR WEB SERVER FOR VULNERABILITIES
These days, there are unfortunately far too many people who would
love to bring down your organization's Web servers, either directly
or indirectly. If your company is serious about Web server security
and availability--and you should be--you should consider all options
available to help you not only monitor servers for intrusion but also
analyze them for vulnerabilities.
Would-be intruders focus a large majority of their attack attempts
on known vulnerabilities. Therefore, you can significantly improve
server security by identifying and closing these vulnerabilities.
Here are a couple of tools that will help you do just that: SiteDigger
and SSLDigger. Both tools are available from Foundstone, a division
of McAfee.
SiteDigger uses a special search syntax to search Google's cache to
identify potential vulnerabilities, errors, configuration issues,
proprietary information, and details of other potential security
problems with the domain that you specify. Of course, that means Google
must have already crawled the specified domain, and it must exist within
Google's cache.
SSLDigger tests the server for potential security risks associated
with SSL. It assesses the strength of SSL servers by testing the ciphers
supported.
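
The kind of cipher test described above can be sketched for a server you
administer. This is an added example, not SSLDigger's or Foundstone's code; the
weak-cipher markers, the candidate list, and the host name are assumptions.

```python
import re
import socket
import ssl

# Name parts treated as weak here: an assumption of this example,
# not SSLDigger's own grading rules.
WEAK_PARTS = {"NULL", "EXP", "ADH", "AECDH", "RC4", "RC2", "DES", "MD5"}

def grade(cipher_name):
    """Grade an OpenSSL cipher-suite name by its dash/underscore-separated parts."""
    parts = set(re.split(r"[-_]", cipher_name.upper()))
    return "weak" if parts & WEAK_PARTS else "acceptable"

def server_accepts(host, port, cipher_name, timeout=5.0):
    """True/False if the server does/doesn't negotiate the suite; None if the
    local OpenSSL build cannot offer it (common for long-retired suites)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # certificate checks are out of scope:
    ctx.verify_mode = ssl.CERT_NONE     # only cipher negotiation is tested
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not govern TLS 1.3
    try:
        ctx.set_ciphers(cipher_name)    # offer exactly one suite
    except ssl.SSLError:
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0] == cipher_name
    except OSError:                     # ssl.SSLError is a subclass of OSError
        return False

def audit(candidates, probe):
    """Return the weak suites that probe(name) reports as accepted."""
    return [c for c in candidates if grade(c) == "weak" and probe(c) is True]

# Constructed candidate list (OpenSSL suite names).
CANDIDATES = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA", "DES-CBC3-SHA",
              "RC4-MD5", "EXP-RC4-MD5", "NULL-SHA", "ADH-AES128-SHA"]

if __name__ == "__main__":
    host = "www.example.com"  # placeholder: a server you administer
    for name in audit(CANDIDATES, lambda c: server_accepts(host, 443, c)):
        print("weak cipher accepted:", name)
```

A result of None means the suite went untested from this client, not that the
server rejects it.
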
For more information, check out the SiteDigger and SSLDigger Web pages
on Foundstone's Web site.
* SiteDigger:
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/sitedigger.htm
* SSLDigger:
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/ssldigger.htm