How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write it ourselves? For example:
WEBSITE: www dot example dot com
WEBSERVER: apache 2.2.3
Paros can do some basic security and injection checks.
Nikto can scan for some known vulnerabilities (updates are a tad infrequent).
A list which mentions these plus others above is here:
As well as keeping Apache up to date (as mentioned by Thorin), also keep any web applications/server-side script languages up to date, e.g. PHP, any forum/bulletin board/wikis, etc.
A little friendly comment:
They are mostly VERY NOISY!
For those of you who are new to examinations of this type that means that they 'blast out' a high number of investigative sequences in a very short time.
Such activity might cause an excess report and a reset to your connection.
For educational purposes first run on an internal network only.
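
The burst of requests described in the last post is what server-side monitoring keys on. The following is an added example, not part of the thread: it flags clients in an Apache access log by request rate and share of 4xx responses. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})')

def find_noisy_clients(lines, window_s=10, max_requests=20, min_error_ratio=0.5):
    """Return {ip: (peak_requests_in_window, error_ratio)} for clients that
    exceed max_requests within window_s seconds and mostly receive 4xx codes.
    The default thresholds are assumed values; tune them to your own traffic."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest request count seen in a window
    total = defaultdict(int)
    errors = defaultdict(int)
    window = timedelta(seconds=window_s)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines
        ip, ts, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        total[ip] += 1
        errors[ip] += status.startswith("4")
    return {ip: (peak[ip], errors[ip] / total[ip]) for ip in peak
            if peak[ip] > max_requests
            and errors[ip] / total[ip] >= min_error_ratio}

def sample_log():
    """Constructed sample: one client requesting 40 paths in 4 seconds
    (mostly 404s) and one ordinary visitor making 5 requests over 5 minutes."""
    lines = []
    for i in range(40):
        status = 200 if i % 10 == 0 else 404
        lines.append(f'192.0.2.10 - - [01/Jan/2024:12:00:{i // 10:02d} +0000] '
                     f'"GET /probe{i} HTTP/1.1" {status} 0')
    for i in range(5):
        lines.append(f'198.51.100.7 - - [01/Jan/2024:12:0{i}:30 +0000] '
                     f'"GET /index.html HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for ip, (peak_count, ratio) in find_noisy_clients(sample_log()).items():
        print(f"{ip}: {peak_count} requests in window, {ratio:.0%} 4xx")
```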