Summary

In this chapter, you learned the basics of some very important tools: Snort, Nmap, Nessus, Nikto, and many more. These powerful utilities will help you monitor, test, and verify the security measures that you have put in place to protect your applications, network infrastructure, and security assets. You also learned how to look at the target system holistically by analyzing its various data flows using Nmap, Snort, Nessus, and the other tools described in this chapter. In addition, you learned what to look for in individual applications by leveraging application survey utilities such as Lynx, BlackWidow, and WebSleuth. Your dexterity in using these tools at the right time and in the right place is an important factor in augmenting your security skills. It is important to know each tool's capabilities and limitations. However, remember that a well-equipped toolbox doesn't make a good mechanic; you need to know how to use the utilities and have a winning strategy to tackle the problem with the appropriate tool. Throughout the rest of the book, I will build on what you learned in this chapter to accomplish this goal.

The next chapter focuses on what your adversaries do. You will look at the system from the enemy's perspective and try to break it as they would. You can only validate how effectively you protect against such attacks if you look at your design from the adversaries' vantage point; this will be the real test of your security skills.
