Basic Web Applications

In configuring secure system and making it sure it remains over time is hard to do. Upgrading the system, adding patches and continuous maintenance can bring side-effects which weaken the security or even open up holes which had previously been closed. The system administrator may be very knowledgeable but still nobody is perfect. Automated vulnerability assessment tools must be utilized to check on human error. Tools are available (e.g. COPS and Tiger for UNIX) for free but may be out of date. Commercial tools available include System Security Scanner (for UNIX and NT) from Internet Security Systems, also there is Kane Security Analyst (NT) from Network Associates, Inc. Penn’s Information Security office will also run a network-based scans that can perform restricted vulnerability assessment over a network.