Articles / Web Server Security

SPIKE and BURP for real world computer security usage (Part 4)
Date - Sep 06, 2006
Author - Don Parker
In previous articles we covered the SPIKE HTTP proxy, and how to use it. Well there are many different HTTP proxies out there, and the BURP HTTP proxy is one of the better ones. Choosing an HTTP proxy to use is often a matter of preference.
SPIKE and BURP for real world computer security usage (Part 3)
Date - Jul 25, 2006
Author - Don Parker
This article is the last in a series based on SPIKE the HTTP proxy.
SPIKE and BURP for real world computer security usage (Part 2)
Date - Jun 07, 2006
Author - Don Parker
In this part two of the article series we will actually use an HTTP proxy and find out more on how you can use this very useful tool.
SPIKE and BURP for real world computer security usage (Part 1)
Date - Apr 26, 2006
Author - Don Parker
This article series will demonstrate how to use an HTTP proxy.
Protect your Web Servers with SSL
Date - Nov 29, 2005
Author - Deb Shinder
HTTP communications are fine for the average Web server, which just contains informational pages. But if you’re thinking about running an e-commerce site or other Web services that require secure transactions, you need to be able to encrypt communications between your Web server and its clients. The most common means is by the use of Secure Sockets Layer (SSL), which uses public key cryptography to protect confidential user information (such as credit card or bank account numbers) that is transmitted across the Web. In this article, we’ll discuss how SSL works and show you how to enable it on your Internet Information Services (IIS) Web servers.
Web Server Defacements (Part 3)
Date - Apr 07, 2005
Author - Don Parker
We shall now actually deface the web server’s web page, and pull off the hack as it were. Furthermore we will peek under the hood, and look at the packets to see just what transpired so that you might recognize it in the future.
Web Server Defacements (Part 2)
Date - Mar 15, 2005
Author - Don Parker
In part two of this article series we shall take a more detailed look at how to actually pull off a web page defacement. The tool in use will be the outstanding open source security program Metasploit Framework. Detailed usage will be shown so you can recreate the scenario.
Web Server Defacements (Part 1)
Date - Feb 10, 2005
Author - Don Parker
The urban art of graffiti has traversed to the online world in the form of web server defacements. Just how do these online vandals do it though? Read on to learn how it is done, and therefore gain a deeper understanding which will help you defend against it.
Web Server Security Issues and Front Page Server Extensions
Date - Dec 14, 2004
Author - Deb Shinder
It's "common knowledge" (at least in some circles) that FrontPage Server Extensions are insecure and Web Sites created with FrontPage are vulnerable -- but is it true? What are the risks associated with FrontPage and what can you do about them? What are the recommended best practices for securing FP Web sites? In this article, we'll look at Web security from the FrontPage perspective.
Using Client Certificate Authentication with IIS 6.0 Web Sites
Date - Jun 24, 2004
Author - Thomas Shinder
In spite of the fact that there’s no such thing as a secure network, there are still a lot of things you can do that don’t require you to take a second mortgage on your home and thousands of man-hours. This is especially true when it comes to providing secure access to Microsoft IIS Web servers.
SSL Acceleration and Offloading: What Are the Security Implications?
Date - Jun 02, 2004
Author - Deb Shinder
Secure Sockets Layer (SSL) is a popular method for encrypting data transferred over the Internet. It is commonly used to provide secure transfer of credit card information and other sensitive data in an e-commerce situation. SSL can also be used to create a virtual private networking (VPN) tunnel, as an alternative to “old standbys” IPSec and PPTP. I will discuss SSL VPNs in next month’s article titled VPN Options.
How URL Authorization Increases Web Server Security
Date - Jan 13, 2004
Author - Deb Shinder
Web servers, by their very nature, are usually exposed to outsiders and thus are vulnerable to compromise and attack. Internet Information Services (IIS) version 6, included with Windows Server 2003, provides a number of new security features designed to increase web server security. One of these is URL authorization, which works in conjunction with Server 2003’s Authorization Manager. In this article, we’ll take a look at how URL authorization is implemented in IIS 6.0, the practicalities of using it in your web services environment, and how it enhances the security of your web sites and services.
Secure Architecture for an SQL / Web Server
Date - Dec 10, 2003
Author - Krzysztof Rózanski
There are many ways to hack a Web server. One cannot assume that database servers are unassailable fortresses. So what should one do if a Web server which derives data from a database needs to be made accessible? The most obvious answer to this question is to run like hell to a calmer job. Luckily there are other, more rational answers. This article attempts to show the reader how to find the answers.
Installing and Securing IIS Servers (Part 3)
Date - Nov 11, 2003
Author - Bronek Kozicki
In Part I of the series we dealt with the installation of the IIS service whilst Part II covered issues related to configuring an IIS Server to handle encrypted connections. Until now, we used Internet Services Manager, a standard administration tool, to introduce changes in the IIS configuration settings. Part III is concerned with some new administration methods allowing one to modify IIS configuration settings that were previously unavailable.
Installing and Securing IIS Servers (Part 2)
Date - Nov 05, 2003
Author - Bronek Kozicki
The previous article showed you how to install, configure and, finally, how to connect your new Web Server to the Internet. Now you may be sure that the server runs securely. You have subscribed to Microsoft security bulletins not to omit any important patches. All you have to do now is to rest on your laurels. Are you sure about that?
Installing and Securing IIS Servers (Part 1)
Date - Oct 28, 2003
Author - Bronek Kozicki
IIS, an acronym for Internet Information Services, is a web application server program that handles HTTP requests, ranking second in popularity (after Apache). Its popularity is mainly due to the fact that IIS sites are so easy to implement - just a few mouse-clicks away - from a total disaster.
Locking Down IIS 6.0 with .NET: The Default Security Wizard
Date - Jul 18, 2002
Author - Robert J. Shimonski
Yeah, you’ve heard it a million times. How often you hear that IIS has been hacked, another unchecked buffer (the millionth one this year) and no, not another service pack or hot fix!

Articles topic 

[120] Authentication, Access Control & Encryption
Updated: Nov 04, 2009
[9] Content Security (Email & FTP)
Updated: Apr 16, 2008
[26] Firewalls & VPNs
Updated: Aug 05, 2009
[23] Intrusion Detection
Updated: Apr 19, 2007
[119] Misc Network Security
Updated: Aug 19, 2009
[6] Product Reviews
Updated: Mar 08, 2007
[26] Viruses, trojans and other malware
Updated: Oct 10, 2007
[9] Web Application Security
Updated: Oct 22, 2008
[17] Web Server Security
Updated: Sep 06, 2006
[33] Windows 2003 Security
Updated: May 23, 2007
[7] Windows Networking
Updated: Jan 26, 2006
[101] Windows OS Security
Updated: Oct 21, 2009
[13] Wireless Security
Updated: Dec 28, 2006
