I am technical lead on a large publicly accessible web solution based on the
Microsoft .NET Framework and running on Windows 2003 Server SP1, IIS 6
and Microsoft Content Management Server 2002.
The customer has announced that they have ordered a third-party security
to scan the solution for security vulnerabilities. The solution will be
scanned from the internet and from a machine hosted on the network.
Although I believe that the solution has been developed using Microsoft best
and is secure, I would like to test the solution myself in order to be able
possible vulnerabilities before the test is run.
I am looking for advice on the most common scenarios a security consultant
for and recommendations for tools that can assist me in finding any
vulnerability that the solution might have.
In this particular case I am mostly interested in security vulnerabilities
found in the .NET application itself since the security on the server and network is the
of the hosting provider.
I have no previous experience with having a solution scanned by a
company and would appreciate any advice you might have.