09 May 2012 CI Team


Evil hackers are lurking everywhere, and many web applications are vulnerable and share “too much” with the attacker.

The tool “ASafaWeb” offers a quick (first!) overview. All the website does is make a few requests and write up an analysis, including suggested fixes. There are no lasting downsides (no bad requests, DoS attacks and so on).


Example: KnowYourStack.com


For each test there is a short description, including a suggested fix.

The last test recommends hiding the information about the ASP.NET version and IIS.
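
A web.config fragment that applies this recommendation, as an added example that is not from the original post or from ASafaWeb. It assumes an ASP.NET site on IIS 7 or later, and the `removeServerHeader` attribute additionally assumes IIS 10 or later:

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- The default, enableVersionHeader="true", sends the X-AspNet-Version
         response header. If the site already has an httpRuntime element,
         add the attribute to it instead of creating a second element. -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- IIS adds "X-Powered-By: ASP.NET" at server level by default;
             this removes the inherited header for this site. -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
    <security>
      <!-- Assumption: IIS 10 or later. Older IIS versions do not know this
           attribute and reject the configuration file, so leave the line
           out on those servers. -->
      <requestFiltering removeServerHeader="true" />
    </security>
  </system.webServer>
</configuration>
```

ASP.NET MVC sites also send `X-AspNetMvc-Version`, which is switched off in code by setting `MvcHandler.DisableMvcResponseHeader = true` in `Application_Start`.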

That’s not enough!

The service only provides very simple tests. For example, there is no test for input validation. Here you need to be very careful!

If you want to share more tips with us, you are welcome :)

Prevent the Top 10 Security holes!

Some time ago Philip Proplesch pointed to the excellent blog series by Troy Hunt: OWASP Top 10 for .NET developers part 1: Injection. Read it!