Abstract: A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.
Type: Grant
Filed: May 23, 2017
Date of Patent: July 23, 2019
Assignee: Tinfoil Security, Inc.
Inventors: Michael Borohovski, Ainsley K Braun, Benjamin Sedat, Angel Irizarry
Abstract: In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized individually and by various patterns evident in the received data, enabling further identification of component implementation aspects, such as revision levels. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data. This audit data is then available for reporting.
Type: Grant
Filed: August 21, 2017
Date of Patent: July 23, 2019
Assignee: Tinfoil Security, Inc.
Inventors: Michael Borohovski, Ainsley K. Braun, Angel Irizarry, Benjamin D. Sedat
Abstract: In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized, enabling further identification of component implementation aspects. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data.
Type: Grant
Filed: September 12, 2014
Date of Patent: August 22, 2017
Assignee: Tinfoil Security, Inc.
Inventors: Michael Borohovski, Ainsley K. Braun, Angel Irizarry, Benjamin D. Sedat
Abstract: A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.
Type: Grant
Filed: January 11, 2016
Date of Patent: June 13, 2017
Assignee: Tinfoil Security, Inc.
Inventors: Michael Borohovski, Ainsley K Braun, Benjamin Sedat, Angel Irizarry
Abstract: In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized individually and by various patterns evident in the received data, enabling further identification of component implementation aspects, such as revision levels. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data. This audit data is then available for reporting.
Type: Grant
Filed: September 12, 2014
Date of Patent: June 14, 2016
Assignee: TINFOIL SECURITY, INC.
Inventors: Michael Borohovski, Ainsley K. Braun, Angel Irizarry, Benjamin D. Sedat
Abstract: A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.
Type: Grant
Filed: December 12, 2013
Date of Patent: April 5, 2016
Assignee: Tinfoil Security, Inc.
Inventors: Michael Borohovski, Ainsley K. Braun, Angel Irizarry, Benjamin D. Sedat