finding Web server vulnerabilities

when finding vulnerabilities in non-customized products such as Web servers, using an automated scanning tool is a good starting point. Unlike customized products such as Web applications, almost all Web servers use third-party software, and countless users have installed and configured these software in the same way.

in this case, the most obvious vulnerabilities can be identified quickly and efficiently by using an automated scanner to send a large number of specially designed requests and monitoring the signatures representing known vulnerabilities. Nessus is an excellent free vulnerability scanner, and there are various commercial scanners available, such as Typhon and ISS.

in addition to using scanning tools, penetration testers should always conduct in-depth research on the attacked software. At the same time, browse Security Focus, mailing list Bugtrap, Full Disclosure and other resources, and find all the recently discovered and unrepaired vulnerability information on the target software.

also note that some Web application products have an open source Web server built in, such as Apache or Jetty. Because administrators regard servers as their installed applications, rather than as part of the infrastructure they are responsible for, the security updates of these bundled servers are also applied relatively slowly. Moreover, in this case, the standard service title has also been modified. Therefore, manual testing and research on the targeted software can effectively identify vulnerabilities that cannot be found by automated scanning tools.