How to use Nikto to scan for Web server vulnerabilities

How to use Nikto to scan for Web server vulnerabilities

Date: Sep 23, 2013

Web server security is an increasingly pressing matter for organizations of all sizes. Attackers have turned their sights on Web server vulnerabilities, taking advantage of everything from insecure WordPress implementations to outdated Apache servers. Not only do such vulnerabilities give attackers an inroad to an organization, but they can also be used to participate in distributed denial-of-service attacks on other organizations. How can IT security teams gain a better understanding of the server security at their enterprises? Nikto, the free and open source Web server security scanner, may just represent the answer.

In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional (CISSP) and trainer for CBT Nuggets LLC, provides a brief Nikto tutorial. Learn how to use Nikto to find vulnerabilities, misconfigurations and outdated software versions on Web servers. The tool enables security pros to scan either one port or a range of ports for Web servers, which provides the additional benefit of finding rogue servers that weren't set up by the enterprise. Once a server is found, Nikto displays any known vulnerabilities from the open sourced vulnerability database; it can also scan for over 65,000 potentially dangerous files and 1,250 outdated server software versions. With this level of visibility, enterprises will be able to measure the insecurity of their Web servers and take concrete steps toward patching and updating systems.

Next steps:
Learn more about detecting and preventing website vulnerabilities.
Read about open source website vulnerability scanner and recon tools.
Discover more about the top website vulnerabilities.
Check out our website vulnerabilities blog archive.

CBT Nuggets logo

About CBT Nuggets:
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.

About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.

More on Open Source Security Tools and Applications

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Expert Discussion

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest