Hello Mono Team,

I have developed an Open Source Asp.Net Security Analyser for IIS and was
interested to know if it works on your platform (see more details below).

The security tool attempts to exploit known vulnerabilities or
mis-configurations on the Windows implementation of the .Net Framework 1.1,
and presents the results in a simple, effective and powerful way.

Since some of the serious vulnerabilities tested don't have a solution in
the current version of Microsoft's .Net Framework, it could be very interesting
if you could provide a 'secure' alternative to Microsoft's current hosting
solution (based on IIS 6.0 or IIS 5.0).

Do you have any ISP that currently has your hosting environment configured?
Does any ISP have plans to offer services based on your application?

Thanks for your time, and congratulations for the work you are doing.

Best regards
Dinis Cruz
.Net Security Consultant
DDPlus (www.ddplus.net)
---------------------------------------------------------------------------------
Asp.Net Security Analyser (ANSA) is an Open Source, Windows based, online
tool, that tests the server's security for known vulnerabilities and
mis-configurations. The tool was initially designed to allow the
protection of ISPs that provide shared hosting services. You can
download the source code, use it in your servers and distribute it to
whoever you feel appropriate.

The project's objective is to create an Open Source tool that allows
system administrators (responsible for Windows based shared hosting
environments) to easily identify and solve existent security problems.

The current version is focused on identifying security vulnerabilities
such as: remote command execution, poor website isolation (i.e. the user
from website 'A' can see the data from website 'B'), disclosure of
sensitive information (such as usernames/passwords, running processes,
installed services), ability to do a server based port scan, etc.

Eventually the tool should evolve to an "Asp.Net Security Configuration
Tool" where it will also allow the SysAdmins to securely configure their
servers.

This project is currently hosted in a Workspace in GotDotNet
(http://www.gotdotnet.com/) and this is the direct link to the project:
http://www.gotdotnet.com/Community/Workspaces/Workspace.aspx?id=36ae9a2c-8740-4b52-924e-320edf64fba5
(if this link doesn't work please visit this page http://www.gotdotnet.com/community/workspaces/directory.aspx
and search for 'ANSA')
