Category Archives: Apache

Enable anti-clickjacking X-Frame-Options header

The Nikto scanner came up with this minor ‘hole’:

+ The anti-clickjacking X-Frame-Options header is not present

The rationale behind anti-clickjacking is described in http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00 and http://security.stackexchange.com/questions/13341/security-issues-using-iframes

To enable the header in Apache:

1) enable the mod_headers module, if not enabled yet. Command:
2) add line “Header always append X-Frame-Options SAMEORIGIN” to /etc/apache2/httpd.conf
3) restart Apache…

Self hosting: Testing web server security

Since I’m starting to host this blog myself, I need to test the security of my web server. My first search ended up with the Nikto scanner tool (http://hackertarget.com/nikto-tutorial/). It is very easy to run and completes the scan in less than 10 minutes. The scan is by no means complete and more tools will be…