Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I'm looking for a simple self hosted website monitoring tool.
It should be somthing similar to watchmouse.com or pimgdom.com, with a nice UI, colorful charts and so on (Customers like that :)).
At the moment we use Zabbix also for HTTP monitoring, but since now our hoster care about the hardware and software monitoring on the machine directly, we don't need Zabbix anymore.
For pure http-monitoring zabbix or an other monitoring suite is really an overkill.
So what I'm not looking for is:
Zabbix
Nagios
Hyperic
...
Sadly but the truth, after some hours of researching I wasn't able to find a fitting application. My hope is now on you.
I realize this is an old question but I was looking for something like this today and came across Cabot which is self hosted and free, and according to the project's description: "provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios".
Hope this helps someone in the future.
I found this a while ago for my purposes. Nice and simple and self hosted.
You do need shell access to setup cron jobs for it so it probably won't work in a shared environment.
php Server Monitor
Hope this helps.
Peter
I had a lot of success with Groundwork in the past, It's a BEAST and does just about everything imaginable and can be configured in so many ways. It might be overkill if you are just looking for something to schedule some http responses then graph the logs.
Groundwork is more for enterprise level deployments and has both Paid and Community editions with a pretty active community behind it too.
Not sure if you have already found a solution to this or not but give a shot to Apica System's Synthetic Monitoring. You can use the full SaaS, full on-premise, or hybrid model of this system. Take a look at the free trial and if you like what you see, the full portal as well as monitoring agents (with tons of more features than the trial) can be hosted behind your firewall in your own network. As per for monitoring, you can monitor websites/mobile apps, API endpoints, DNS, etc. You can also run complex use cases and see how the web app responds using Selenium or ZebraTester scripts.
If all you want to monitor is website uptime/downtime and response time, I'd have a look at TurboMonitor - it doesn't have all the bells and whistles provided by some other monitoring websites but it's quick and accurate for those two things.
Price-wise, I wouldn't take what they have on their website too seriously. I only actually found out about them when I met them in person and they were very happy to give me a "professional" account for free, supposedly like 5€/month or something on their website.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
My goal is to create a chatting website. Not so much for the sake of the website, but for the experience so I know how; just something to work towards gradually. I tried long polling, but that always ends up pissing off the webhosts whose servers I'm using. I was told to use nodejs instead. I have some idea of what it is, but no idea how to use it.
I'm guessing that the reason I can't find the answer to this question anywhere is because of how obvious it is... to everyone else.
I've been looking around and all I see are tutorials on installing it on your server when you own the server. I know you can install forums on webhost's servers, so can you also install nodejs?
Yes. You can check the full listing at https://github.com/joyent/node/wiki/Node-Hosting to check each site but it does not categorize it by free hosting..
Some I know of, I personally use Heroku.
Heroku
Nodester
Most standard LAMP hosting companies don't let you run node.js.
I currently recommend you use the Cloud9 IDE to get up and running with not only your tests and development, but also potential deployment. Cloud9 allows you to run your app from their IDE and will provide you with URL to see your app running and get familiar with node.js development.
A more manual way is to find a node.js PAAS (Platform as a Service) such as Joyent or Nodester.
Another one is Open Shift. I use them a lot and they allow you to use your own domain on the free plan. I use Heroku as well and have tried AppFog and Modulus.
But what it comes down to is whether I can use my own domain and how much they throttle my traffic. AppFog and Modulus don't allow custom domains on their free plans and seriously throttle traffic. They will cut your website off if you have one visitor an hour.
Another issue I was concerned about was with the upload of files. In particular, with my website content is added via markdown files. Most node webhosts use a variation on git deploys to update websites, with content supplied by databases. However, if you are trying to run a website without a database, using flat files, then each update must be done by a git deploy. This takes the whole website down and recreates a new website altogether (it just happens to look like the previous one). This will normally take a few minutes. Probably not a problem for a low volume website. But imagine if you are making a blog entry and you deploy it and then notice you've made a spelling mistake. You need to do a deploy all over again.
So, one of the things that attracted me to Open Shift was that they have a reserved area for flat files within your project. You can upload your files there and when your project is re-started these files will be preserved.
Appfog provides a free plan where you can host NodeJS and many other technos.
However, free plans don't allow custom domain name anymore.
There is also the Node.js Smart Machine service from Joyent.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
I'm looking for a web host that will let me run a Haskell web application. VPS's seem attractive to me because you can run essentially anything you want. But some of the cloud hosts offer really nice scalability in terms of hard disk space and bandwidth.
Does anyone know of a host that will let me run exotic languages like Haskell but can also seamlessly scale up the hard disk space/RAM/bandwidth/CPU available to my host?
If you just want very simple hosting with CGI, NearlyFreeSpeech.net supports Haskell and some other less common languages. I personally also like their overall nonsense-free approach and sensible pricing model (pre-pay metered charges, instead of the usual model of a fixed monthly charge, oversold server capacity, and absurd overage fees).
There are a few caveats however, mainly that they don't permit standalone servers or persistent daemons, only things invoked via CGI from Apache. This might be a problem for some Haskell web app frameworks.
Maybe this is obvious, but you can always use Amazon EC2. You'll have full control, and definitely meets your requirement for seamlessly scaling up.
This may be a very late answer but I found that hosting on Heroku with its Cedar stack is the easiest. Yesod has a very clear explanation.
Apparently, it's possible to get ghc running on Webfaction. There are also threads about it in the Webfaction support forums, and the admins/techs are quite willing to make an effort to make it work, though it's clearly not something that is supposed to be available out of the box.
EDIT, 2011-08-23: Fixed link.
In theory all you need is CGI/FastCGI support. I've had some luck playing around with Happstack on a very basic Dreamhost account by following these instructions:
While non-trivial to get running, this
web experiment proves that it is at
the very least possible to run
Happstack applications on cheap
hosting providers such as Dreamhost
with little more than a shell account
and CGI support.
I've only tried this with toy applications, and don't know how it would scale.
Looks like you can also run Haskell in Azure Functions.
If you are using IHP (Integrated Haskell Platform), you can use their free cloud hosting service at https://ihpcloud.com/.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
We are developing a web application using Spring framework and Hibernate ORM. As far as application security is concerned we are using acegi to provide authentication and authorization support.
Now about user input sanitation, we have tried to take take care about attacks like XSS and sql injections. We have tried to use as much as prepared statements and hibernate criteria for database updates and queries. Inputs are sanitized for javascript also.
For testing these we have tried to use tools like Firebug, Tamper IEand Fiddler2 etc.
We have also used tools like Watch Mouse to do vulnerability tests.
What are the other tools available for web application security and what are the things to be considered before starting a web applications security testing.
Thanks you
HP has a security assessment tool called Webinspect, but it not free and I wouldn't recommend it. Either my company doesn't know how to use it, or the tool has no consistency in finding vulnerabilities.
You're better off hiring an actual pen-testing contracting agency to look for vulnerabilities in your site. Sure, you could run automated scanners, but they can only do so much. You'll probably waste more money and resources attempting to learn and implement proper pen testing then you would just hiring someone else to do it.
The fact that you're asking this question means that you are not qualified to give the kind of confidence or complete coverage a commercial application would need before launch.
You can use AppScan, but its not free.
Burpsuite is an amazing tool for web application testing.
I do agree with hiring an outside team however, but if your company cannot/will-not, put a weekend into getting familiar with BurpSuite and you will undoubtedly find some bugs.
I agree with those who have encouraged you to look to an outside pen testing firm, if you want the best results now.
That said, one of the best all-around web app pen testing tools I have used is Burp Suite (portswigger.net). There is a free version that gives you most of the functionality, but investing $400 in the Pro version, which adds a vulnerability scanner and the ability to save state, is well worth it.
In addition, you should become very familiar with the OWASP organization (owasp.org), and the information/tools they make available for web app security. The Cheat Sheets and the Testing Guides can be very helpful, if you know how to use them.
Finally, if you are determined to build up your own application security team, then you should consider hiring some folks with extensive application security experience as well as a background in software development. There is more to application security than security testing. Static security code analysis and threat modeling are just two of the other areas you should be thinking about.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
Improve this question
I have been asked to provide information on available techniques for assessing our current, and any future websites for security problems. the request is in the form of
Do you know of any good free one that examines for security holes?
I think our data security is probably worth a small amount of upfront spend so any non-free methods would be appreciated too.
Our systems are a mish mash of mySQL, Oracle, SQLServer, PHP, ASP.NET etc etc systems though I guess that that does not matter too much. All the systems are secured in as much as they are patched and the firewalls are set sensibly so outside people cannot get directly to the database boxes etc.
It is XSS and similar attacks that we wish to prevent.
What do YOU use to give you confidence in your systems? ');DROP TABLE answer;
owasp would be a good place to start. There's too much to cover to include here.
If the security of your site is worth nothing to your company then that's what you should pay. For my company the security of our data and the brand image has quite a high value.
We pay a whole bunch of money for regular scans, we've trained the developers in basic hacking/security of applications, our code reviews include a security review and now we're looking at AppScan from IBM (which is expensive but in the long run probably cheaper than all the pen' testing we pay for).
You get what you pay for. Making sure you understand the owasp issues would be a good start though.
Personally, I choose not to be confident in the security of our systems. I am convinced there is always something that I am missing and thus I keep looking for it.
What you seem to be looking for is something to make others feel confident (even if that confidence is an illusion). Penetration testing is probably the right choice for that. Depending upon the tool, it shows potential vunerabilities in a nice report and then you can report how you mitigated them.
We use IBM AppScan and it is a good tool for this. As with any tester of this type you will find yourself following a lot of bad leads. Most of them are not false postives per se, more just things that might be an issue or appear to be and you will have to investigate and determine if they actually are.
I would not put a lot of faith in this kind of testing. If you app scans clean it really does not mean your app is clean. Does not mean it is worthless, but don't make it out to be more than it is.
The next thing I would look into is static analysis tools in your various languages. A lot of these are free. Hand in hand with that is developer education. That is usually a pretty cheap solution to the issue, just making sure they understand what the risks are.
There is no silver bullet, no simple answer, you need to define security as an EVERYONE problem and make sure it is given both priority and commitment.
Check out dotDefender - they've got versions for IIS/Apache/ISA. I use this app to protect against SQL Injection/XSS/DDOS/probing/encoding attacks. No piece of software will ever be perfect but in my case I run systems with sites being developed in .NET, PHP, and classic ASP with some of our sites being new and others being 5+ years old.
http://www.applicure.com/?page=dotDefender
I do also have a company do penetration testing / social engineering every year or so as well but with dotDefender I'm at least happy that I've got a baseline security blanket to protect my sites.
Of particular interest to me was that their app is fully x64 compatible - necessary since I'm using x64 web servers.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I'm in the process of testing my application with respect to security.
Aside from Fiddler, Charles and Poster (Firefox plug in). Are there any other free to use https interception (and editing) applications out there? Especially ones which can be installed w/o admin privileges.
Achilles comes to mind, but I don't think it can handle https traffic.
Achilles does work on HTTPS traffic, but they note on their site that it is not the best tool any more.
Their suggestions are Burp Suite and WebScarab both of which I highly recommend.
OWASP ZAP - its free, open source and cross platform.
Its also the most active open source web security tool and came first and second in the last 2 'Top Security Tools' surveys run by Toolswatch.org (2013, 2014)
It was originally forked from Paros, which is no longer maintained, but it now has loads more functionality.
Its an OWASP Flagship project having replaced WebScarab, which is also essentially no longer maintained.
Simon (ZAP Project Lead)
Wireshark is amazing. It captures everything on the network so you'll need to filter down to http/https: http://wiki.wireshark.org/CaptureFilters.
There are a few programs that I would suggest.
Paros Proxy and Ratproxy have already been noted.
scapy is a powerful packet manipulation tool, and has all of the sniffing and monitoring capabilities as well.
dsniff is a suite of tools that allows manipulation, injection, and all sorts of interception and modification options.
There is also a plugin for IE called Tamper IE that has a simple GUI based packet editor.
All of these are free.
Doing more research I came across Paros Proxy. Seems to be a good alternative to the
others.
I'd strongly recommend HttpWatch. I believe the basic version is free and captures your HTTPS traffic to some extent. The Professional version is worth the money.
Have a look at ratproxy. It may not be exactly what you're asking for, but is very useful in testing the security of your web app.
Rather than intercepting HTTP and allowing you to edit or replay requests, it installs as a proxy and monitors the normal use of your web app, and then provides a report on possible security issues, along with their severity. It can also be configured to attempt active XSS or XSRF attacks where it thinks there is a vulnerability.
The site says "Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments" but I've only used it on Linux.
Check HTTP Debugger Pro
It is proxy-less solution and have zero impact to the transferring data.
Also it has modern user interface :)