NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Appendix C—Web Security Tools and Applications

The tools and applications referenced in this appendix are by no means a complete list of tools and applications to use for Web security, nor does this publication imply any endorsement of certain products.

Log File Analysis Tools

Tool | Capability | Web Site | Linux/Unix | Win32 | Cost

Tool: Analog
Capability: Most common OSs
Web Site: http://www.analog.cx/intro.html
Cost: Free
Description: Analog is an automated Web server log file analysis tool that will compile on nearly any platform that supports the C programming language.

Tool: Cronolog
Capability: Linux/Unix
Web Site: http://www.cronolog.org/
Cost: Free
Description: Cronolog is a program that reads log messages from its input and writes them to a set of output files constructed using a template and the current date and time.

Tool: LiveStats6
Capability: Most Web servers and OSs
Web Site: http://www.deepmetrix.com/
Cost: $$$
Description: LiveStats6 is an automated Web server log file analysis tool.

Tool: NetTracker
Capability: Most Web servers and OSs
Web Site: http://www.unica.com/
Cost: $$$
Description: NetTracker is an automated Web server log file analysis tool.

Tool: Swatch
Capability: Linux/Unix
Web Site: http://swatch.sourceforge.net/
Cost: Free
Description: Swatch is a Linux/Unix syslog analysis utility.

Tool: Wwwstat
Capability: Linux and Unix with Perl installed
Web Site: http://ftp.ics.uci.edu/pub/websoft/wwwstat/
Cost: Free
Description: Wwwstat is an automated Web server log file analysis tool for common log file format access_log files.

$$$ = This product involves a fee.

Vulnerability Scanning Tools

Tool | Capability | Web Site | Linux/Unix | Win32 | Cost

Tool: Internet Security Systems (ISS) Internet Scanner
Capability: Vulnerability scanner
Web Site: http://www.iss.net/
Cost: $$$
Description: ISS Internet Scanner is a network-based vulnerability-scanning tool that identifies security holes on network hosts.

Tool: Metasploit
Capability: Vulnerability scanner
Web Site: http://www.metasploit.com/
Cost: Free
Description: Metasploit is a freeware vulnerability-scanning tool that identifies security holes on network hosts.

Tool: Nessus
Capability: Vulnerability scanner
Web Site: http://www.nessus.org/
Cost: Free