This time I will tell you about material related to OWASP Testing Configuration Management. After reading the OWASP Testing Guide, my group and I tried to practice the material on Testing Configuration Management. The following are the steps we took:
1. SSL / TLS Testing
In the konsole, we wrote this command:
root@bt:~# nmap -F -sV akakom.ac.id
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-04 19:08 WIT
Nmap scan report for akakom.ac.id (110.76.151.2)
Host is up (0.97s latency).
Not shown: 87 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5 (protocol 2.0)
25/tcp open smtp Sendmail 8.14.4/8.14.4
53/tcp open domain
80/tcp open http Apache httpd
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap Dovecot imapd
444/tcp filtered snpp
445/tcp filtered microsoft-ds
587/tcp open smtp Sendmail 8.14.4/8.14.4
993/tcp open ssl/imap Dovecot imapd
995/tcp open pop3s?
Service Info: Host: mail.akakom.ac.id; OS: Unix
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 100.09 seconds
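As an added example (not part of the original post), this Python sketch parses the port lines of the scan output above and separates TLS-wrapped services from services that are plaintext by default, which is what the SSL/TLS test needs to know before any certificate or cipher checks. The two service-name sets and the function names are assumptions made for this illustration.

```python
import re

# Port lines copied from the nmap -sV output above.
SCAN_OUTPUT = """\
22/tcp open ssh OpenSSH 5.5 (protocol 2.0)
25/tcp open smtp Sendmail 8.14.4/8.14.4
53/tcp open domain
80/tcp open http Apache httpd
135/tcp filtered msrpc
143/tcp open imap Dovecot imapd
587/tcp open smtp Sendmail 8.14.4/8.14.4
993/tcp open ssl/imap Dovecot imapd
995/tcp open pop3s?
"""

LINE_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)")
# Assumed name sets for this illustration, not an exhaustive list.
IMPLICIT_TLS = {"https", "imaps", "pop3s", "smtps", "ldaps", "ftps"}
PLAINTEXT_DEFAULT = {"http", "smtp", "imap", "pop3", "ftp", "telnet"}

def parse_ports(text):
    """Yield (port, state, service, guessed) for each port line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, state, service = m.groups()
            # A trailing '?' means nmap guessed the name from the port number.
            yield int(port), state, service.rstrip("?"), service.endswith("?")

def classify(text):
    """Group open ports by how their transport encryption should be tested."""
    report = {"tls": [], "unconfirmed_tls": [], "plaintext_default": []}
    for port, state, service, guessed in parse_ports(text):
        if state != "open":
            continue  # filtered/closed ports offer nothing to test
        if service.startswith("ssl/") or service in IMPLICIT_TLS:
            # Test certificate, protocol versions and ciphers on these ports.
            report["unconfirmed_tls" if guessed else "tls"].append(port)
        elif service in PLAINTEXT_DEFAULT:
            # May still offer STARTTLS or redirect to HTTPS; verify separately.
            report["plaintext_default"].append(port)
    return report

if __name__ == "__main__":
    for group, ports in classify(SCAN_OUTPUT).items():
        print(f"{group}: {ports}")
```

Ports in `unconfirmed_tls` carry a service name that nmap inferred from the port number only, so the TLS listener there still has to be confirmed before its certificate is assessed.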
After that command, we tried to use Nessus as our tool. This is how to use Nessus:
In the konsole, write the command below:
root@bt:~# apt-get install nessus
Follow the steps; we got an email. We had to register first, and then log in with a username and password.
Click Scans and fill in what you want done. Wait until the process has finished.
This is a file we've downloaded:
Testing SSL Certificate Validity - Client and Server
As a first step, we opened the browser and entered https://www.akakom.ac.id in the address bar, with this result:
Click "Add Exception"!
After that, if we click "Confirm Security Exception", the result is: