Something was wrong with the Web server. It was nearly 5:30 p.m., and no mail had been delivered for roughly an hour. When I logged on, I discovered that the disk partition dedicated to incoming e-mail was pegged at 102 percent of capacity. And on my server, the system load--a measure of how hard the computer is working--had jumped from its normal level of 0.5 to an all-time high of 27. Perhaps all this was related to the fact that my server, which normally takes close to 8,000 hits a day, had received more than 20,000 hits during the past two hours--many of those hits requesting URLs that looked suspicious.

My system was clearly under attack. But by whom? Then I remembered: I had asked SPI Dynamics to unleash its website auditing tool, WebInspect, against my home server. Not just any auditing tool, WebInspect is specifically designed for penetration testing Web-based applications. The program uses a Web spider to map out every page on the server, examines each page for Web errors that an outsider could exploit, and then tries to exploit them.

The link for this article located at CSOOnline is no longer available.