Wednesday, February 02, 2005

ITEC 5321 - Website Vulnerability Check

ITEC 5321
Class Assignment from 1/29/05 – Find an interesting website and post a summary of its vulnerabilities on the class blog.

I took a particular interest in checking out because it is the website for my Church and they have recently asked me to help with not only re-designing the website, but also assisting them with the overall network for the Church.

I used the Sam Spade tool to check the website out. Since it is a simple brochure website, not much is needed in the way of security. However, there are quite a few items found on the page that can be exploited. I used the “crawl website” tool found in Sam Spade to check for email addresses, links to other servers, and links on the server hosting the site as well as the WHOIS information. I like the fact that the WHOIS information about the Church is very vanilla – no specific individuals listed, just the Church. Not much in the way of server links either. But the one glaring problem was the number of email addresses on the site. I found almost 50 email addresses listed (some of them duplicates). When I help the Church staff re-design the site, I’ll find a way to mask the email addresses.

Rob Hiltbrand
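
The crawl check described in the post can be repeated on a saved copy of a page, for example before and after a redesign, to confirm how many addresses are still exposed. The following is an added example, not part of the original post and not Sam Spade's code; the audit function, the church.example host name and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class PageAudit(HTMLParser):
    """Collects e-mail addresses and links from one HTML page."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.emails = []                      # every occurrence, duplicates kept
        self.internal, self.external = set(), set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag != "a" or not href:
            return
        if href.lower().startswith("mailto:"):
            # drop the "mailto:" prefix and any ?subject=... suffix
            addr = unquote(href[7:].split("?", 1)[0])
            self.emails += [a.lower() for a in EMAIL_RE.findall(addr)]
            return
        parsed = urlparse(href)
        if parsed.scheme not in ("", "http", "https"):
            return                            # ignore tel:, javascript:, etc.
        host = (parsed.hostname or self.site_host).lower()
        (self.internal if host == self.site_host else self.external).add(href)

    def handle_data(self, data):
        # addresses printed as plain text are exposed just like mailto: links
        self.emails += [a.lower() for a in EMAIL_RE.findall(data)]

def audit(html, site_host):
    p = PageAudit(site_host)
    p.feed(html)
    p.close()
    return {"email_hits": len(p.emails), "unique_emails": sorted(set(p.emails)),
            "internal_links": sorted(p.internal), "external_links": sorted(p.external)}

# Constructed sample page (not the real site)
SAMPLE = """<html><body>
<a href="staff.html">Staff</a>
<a href="http://www.church.example/events.html">Events</a>
<a href="http://hosting.example/">Hosted by</a>
<a href="mailto:Pastor@church.example?subject=Hello">Email the pastor</a>
<p>Office: office@church.example or pastor@church.example</p>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "www.church.example"))
```

A page that has had its addresses masked or moved behind a contact form should report zero for both email_hits and unique_emails.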

