Have you ever wondered how a 12 year old can hack your website! Well, I am sorry to say it’s pretty easy.
The ‘script kiddy’ hacker is not the stereotypical underground, secretive, social outcast genius. In fact, anyone can hack your website with the right tools.
I introduce Nessus security scanner. Nessus is security tools that performs over 900 remote security checks, and suggests solutions for security problems. The tools if free for non-commercial use and can be installed on Linux,Mac or Windows.
So, if you install Nessus and point it at a website (IP address) it will list any known vulnerabilities, thus, if the target site does not have the latest security patch applied Nessus will tell you!
Nessus is a tool to aid us to scan and protect our servers, however, it’s a two edged sword : if the ‘script kiddy’ see the vulnerability before you – you’re doomed.
Saying that, knowing the target has a vulnerability is not enough. You need to know how to take advantage of the vulnerability.
I introduced, Metasploit. Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Again, access to the is free.
So, Nessus+Metasploit equals the knowledge to protect your site! But beware, it can also supply the next ‘script kiddy’ with the same knowledge.
Last bit of advice: apply the latest security patches that are relevant to your server e.g. Apache, PHP and O/S!