by Alejandro C
Using Microsoft’s own Web Applications Configuration Analyzer you can protect your own web servers from hackers and attacks. Microsoft released the newest version, 2.0, which is a free download. This programs scans IIS Servers, hosted applications, and SQL server instances for common security issues and possible misconfiguration. The security check generates a Passed, Failed, or Indeterminate outcome to which has several rules and can be broken down into several categories which are: General Applications, IIS Applications, and SQL Applications. Microsoft’s own Security & Risk management team came up with the 159 rules to which the program utilizes for checks. For the most par the scans seem to be relatively quick and can be done within minutes, with administrative rights. Scans can also be ran against multiple computer and historical ad future finding can be compared. Tests results also showed that it was able to find a more comprehensive list of vulnerabilities which comparable software packages could not; partly due to the fact that Microsoft itself created this for its own use and software packages.
Though most people think that Microsoft is a company looking to just profit and monopolize off its software that it creates it is able to offer a lot of developer tools and free application support to users and developers. Though a bit unrelated they even offer a free virus and security scanner for windows equipped with Vista/7. It would seem that Microsoft take a proactive approach in improving its software security and risks, which to me is a very important for such a innovative company. To me this security scanner is a perfect start for a web developer to use when coming up with solutions for customers and can also be used by security professional who can scan servers and provide a list of vulnerabilities.
Software companies who make and develop server software which is used world-wide should be a bit more like Microsoft. Though I am sure there is a vast amount of similar products which can scan for security flaws and such this approach is quite inventive. I have not used the software itself but from the read and small review it seems simple enough to use which makes a web administrator job a bit easier. As well as offering a piece of mind for those in charge of security and risks for a companies IT assets.
Grimes, R. (2011). Free and easy security scanner for IIS, ASP.net, SQL, and windows servers. InfoWorld.Com, , n/a-n/a. Retrieved from http://search.proquest.com/docview/870068639?accountid=10357