A customer has "requested" us to do our own security scan of our web 
application.  (Using 4D Web Server v15.4/Windows... currently)

I'm a raw newbie at this stuff, so please be gentle.   ;-)

They apparently did a security scan and said that our site "breaks" after 11 
minutes.

They aren't being very forthcoming with the results of that report except the above.

FYI, I'm dealing with the IT dept of a major city.
They don't seem to be completely reasonable and have their "ways" of doing 
things.

Only that they think we should do our own scan to "solve" the problem.

Subscribing to one of these security scanning services seems to be very 
expensive, and they do a LOT more than what we need.

So....

What say y'all?

1.      Do you know of a good security scanning service that doesn't empty your 
bank account?

2.      I downloaded and am trying out "LOIC" to emulate a DDOS attack.
        Do you know of anything better?

3.      To "remediate" the problem, I've made some changes in the Web Structure 
Settings

        a.      Set maximum concurrent web processes to a much smaller number 
than 32000  (128/256/512/1024)
                (It looks like this might be the best thing to do)
                Number of hits per hour/minute/second should be minimal in a 
live situation.
                I'm thinking max hits/minute at peak time might be 100-200.

        b.      Turned off automatic session management
                Not sure if this will affect things positively or otherwise.

4.      Any and all information regarding the above will be accepted with much 
gratitude!

Many thanks,

Randy Engle
XC2 Software LLC



**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**********************************************************************
