How to use Nikto to scan for Web server vulnerabilities
Date: Sep 23, 2013
Web server security is an increasingly pressing matter for organizations of all sizes. Attackers have turned their sights on Web server vulnerabilities, taking advantage of everything from insecure WordPress implementations to outdated Apache servers. Not only do such vulnerabilities give attackers an inroad to an organization, but they can also be used to participate in distributed denial-of-service attacks on other organizations. How can IT security teams gain a better understanding of the server security at their enterprises? Nikto, the free and open source Web server security scanner, may just represent the answer.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional (CISSP) and trainer for CBT Nuggets LLC, provides a demo on how to use Nikto to find vulnerabilities, misconfigurations and outdated software versions on Web servers. The tool enables security pros to scan either one port or a range of ports for Web servers, which provides the additional benefit of finding rogue servers that weren't set up by the enterprise. Once a server is found, Nikto displays any known vulnerabilities from the Open Sourced Vulnerability Database; it can also scan for over 65,000 potentially dangerous files and 1,250 outdated server software versions. With this level of visibility, enterprises will be able to measure the insecurity of their Web servers and take concrete steps toward patching and updating systems.
About CBT Nuggets:
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.