How to Install Apache in Windows | To install Apache in Windows, use builds available from the Apache Lounge. The Apache Lounge provides current up-to-date Apache releases compiled with current versions of OpenSSL for best security. This is preferred over apache.org Windows builds as apache.org does not maintain OpenSSL security updates. The download link is: http://www.apachelounge.com/download At the time of this post,
Drupal Security Notes
Drupal Security Notes | Check out this article on Drupal Security: Drupal Security Notes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
Enable or Disable Compression in Apache
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
Install Drupal 7 in Ubuntu 12.04
Install Drupal 7 in Ubuntu 12.04 | Drupal 7 is provided in Ubuntu 12.04. I’ll show you how to get it up and running! 1. Install the package drupal7: $ sudo apt-get install drupal7 2. Create the following apache site configuration file: $ sudo nano /etc/apache2/sites-available/drupal7 Alias /drupal7 “/usr/share/drupal7″ < Directory /usr/share/drupal7 > Options -Indexes FollowSymLinks MultiViews < /Directory > 3. Enable
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP | HttpOnly is a session cookie flag created to protect against cross site scripting and theft of session cookies. For good security, this should be enabled for PHP running under Apache especially for sites such as WordPress, Drupal, Joomla, and other popular PHP-based web applications. OWASP has some information on HttpOnly. I’ll show you how to
In-Depth WordPress Security
In-Depth WordPress Security | Here is an excellent write up on WordPress Security: In-Depth WordPress Security If you find this topic interesting, you may also be interested in Expert Pen Testing training. Check it out!
Fun with SHODAN
Fun with SHODAN | Shodanhq.com is awesome. These are fun: http://www.shodanhq.com/search?q=X-Powered-By%3A+PHP%2F5.1.2 Many sites running old PHP from 2006. Edit as desired to find an old php target. http://www.shodanhq.com/search?q=X-AspNet-Version%3A+1.1.4322 Incredible how many sites still use ASP .NET 1.x http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 Web management pages for Cisco devices that have authentication disabled. http://www.shodanhq.com/search?q=Server%3A+Microsoft-IIS%2F5.0+ IIS 5.0 http://www.shodanhq.com/search?q=Server%3A+Apache%2F1. Ancient versions of Apache still in use
How to Check for SSL Renegotiation
How to Check for SSL Renegotiation | To check if a server allows SSL Renegotiation, you can use the openssl command. I’ll show you how! The commands are as follows: $ openssl s_client -connect yourdomain.com:443 Then after the regular ssl cert info displays, enter the following: GET / HTTP/1.0 R If the server allows renegotiation, it will then have something similar to
Create self-signed SSL certificate for Virtual Host
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works! 1. First, install the package ssl-cert: $ sudo apt-get install ssl-cert Since godaddy and the like are making 2048 bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048
Fetch HTTP headers with curl
Fetch HTTP headers with curl | A simple curl command can fetch HTTP headers from a website. Here’s how it works! The command is: $ curl -I domain.com Example: stmiller@brahms:~$ curl -I http://scottlinux.com HTTP/1.1 200 OK Date: Sat, 24 Sep 2011 02:53:17 GMT Server: Apache Strict-Transport-Security: max-age=43200; includeSubDomains Set-Cookie: bb2_screener_=1316832797+; path=/ X-Pingback: http://scottlinux.com/xmlrpc.php Set-Cookie: PHPSESSID=erh3jr41d1idkaifote48urph4; path=/ X-Hello: Hello There Vary: Accept-Encoding
