CIRT.net

So, you're sat on a customer site, and nothing is going right: patching is up to date, passwords are all set to complex values, user input is validated, you have to wear a suit and even the coffee doesn't taste very nice.

Oh, but wait! That scan against the internal web server reveals that:

Some of you may have been observant and noticed that Nikto has alerted about the lack of the X-Frame-Options header from web servers. This headers gives hints to the user agent on how it should be handled from within a frame, effectively preventing click-jacking, or the overlaying of information over a frame to fool a user into clicking on something they don't want to.

Recently all new Nikto development has moved from Assembla to GitHub!

We're happy to announce the immediate availability of Nikto 2.1.5, and that Nikto is now sponsored by Sunera LLC!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

We're happy to announce the immediate availability of Nikto 2.1.4!

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.

This release contains a number of important bug fixes, as well as new functionality and improvements, including:

Here are some easy rules to use for HTTPS Everywhere with cirt.net and assembla.com.

File: assembla.xml

File: cirt.xml

Use it by placing it in the HTTPSEverywhereUserRules/ subdirectory in your Firefox profile directory, and then restarting Firefox.