AnsweredAssumed Answered

Is there a way to scan a private server that does not have access to the web?

Question asked by Ted Byers on Jul 29, 2014
Latest reply on Jul 29, 2014 by WillB



I know this seems like an odd query, as what is the point if there is no connection between the server and the web.  However, there IS a good use case for seeking something I can download, and run on one or more of my workstations to scan one of my servers.  You see, I write a lot of Perl code to create dynamic content for an number of websites, and, obviously, I have a number of test web servers on which I test this code.  I need an automated method to test both the configuration of these test websites and the security of the code I have written (and, of course, what I learn from applying such a tool to my development websites would determine how my production websites are configured and coded).


I know that Qualys SSL Labs - Projects / SSL Server Test tests public servers, which is of utility for those that own the websites, but that does not help developers who must write secure code and who needs a rigorous, automated means of testing their product BEFORE releasing it to the world.  Is there anything that supports this use case (ideally open source)?  Even better would be something I can invoke from a Perl script, (analogous to the Perl profiler: nytprof), which produces a report that is viewable within a browser: if something like this exists, it could be readily incorporated into automated testing and profiling; something every coder would appreciate.


As an aside, almost worthy of a second query, is the question of whether or not your test page does enough rigourous penetration testing to provide guidance in obtaining PCI compliance certification (for ecommerce): and does the report it produces provide information adequate to determine how to correct any detected vulnerabilities?