On Tue, 15 Jun 2004, Alvin Oga wrote: > > hi ya > > On Wed, 16 Jun 2004, TiM wrote: > > > > > Look at installing mod_security, http://modsecurity.org > > > > Install some rules for it to harden your webserver, see if anything is > > flagged in the security log. > > other web server testing tools > http://www.linux-sec.net/Web/#Testing
Has anyone actually used any of these to find the vulnerabilities that are being discussed? A lot of what is listed on this page are commercial offerings, so I haven't tried them, but a couple I did try against a site that was having similar problems, and I couldn't get any of them to find the problem that is being discussed here. micah
