LN-security
https://www.tenable.com/products/nessus/nessus-professional
https://www.tenable.com/products/nessus-home
https://github.com/sullo/nikto
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://github.com/zaproxy/zaproxy/wiki/Downloads
https://code.google.com/archive/p/skipfish/
http_conf
Default :: ServerTokens OS >>> ServerTokens Prod others add ServerTokens Prod ??? add Header always append X-Frame-Options SAMEORIGIN
php.ini
expose_php=On >>> expose_php=off
http-SSL
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 >>> SSLProtocol +TLSv1.2 に変更 How2CHECK openssl s_client -connect test.your.host.name:443 -tls1_1 NG openssl s_client -connect test.your.host.name:443 -tls1_2 OK