Re: [users@httpd] recommendations for checking website security holes?

2.0.53 is indeed the latest version, with fixes for known vulnerabilities.
The security depends on what you are using. So you might want to check, for each module that is enabled, what security threats you might face. For example, if you have CGI enabled, it depends a lot on the programmers to ensure security, since the programs might be prone to buffer overflows. You might want to check for cross-site scripting and other known web security issues. I would start looking in Google with keywords like web security, Apache security, and the like to find more info. The Apache docs also have security info: http://httpd.apache.org/docs-2.0/misc/security_tips.html
HTH
- Aman Raheja

Pete Eakle wrote:

Sorry, I forgot to mention this.  We will be running on Fedora Linux,
Core 2, and Apache 2.0.53.  I believe we installed the latest Apache,
so I don't know if the 'updates in place' issue will apply to us yet.

   -Pete

On Sat, 26 Mar 2005 14:35:22 -0800, Steven Pierce
<pagedev1@xxxxxxxxxxxxx> wrote:
Good Evening,

One of the items that you should list is the O/S.  If you are using Windows then you would
have issues that you might not have with Linux.  I would assume that you are using
a form of Unix (Linux, BSD, Sun, etc.).  Also, what version of Apache are you using,
and do you have all the updates in place?

Sorry if this seems basic, but it would give the security guys a little more to
go on.

*********** REPLY SEPARATOR  ***********

On 3/26/2005 at 1:21 PM Pete Eakle wrote:

My company will be announcing a new website soon, and being somewhat
new to this game I am concerned about possible site break-ins.  I
worry that, despite our best efforts, we may still have a
vulnerability somewhere that we will find out about the hard way.  I
was wondering if people could suggest which vulnerabilities are most
likely to be exploited, or possibly suggest an article, service or
tool, etc. that I could use to test out our site for vulnerabilities?

Thanks a lot.

  -Pete

PS: the site will be Apache based and use Tomcat for the dynamic parts.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx








--

Regards
Aman Raheja
http://www.techquotes.com


