====== Webserver Security Verification ======
**General Information**
Verifying security settings on web servers.
**Checklist**
  * Apache HTTPD or Nginx
----
====== Verify SSL Ciphers ======
Ciphers - Check which ciphers openssl will use for a given cipher string
  openssl ciphers -v 'HIGH:!MEDIUM:!3DES:!ADH:!AECDH:!DHE:!EDH:!RC4'
\\
Ciphers - Perform an SSL scan on the web server
  sslscan --no-failed 192.168.1.123:443
  * Look for "Supported Server Cipher(s)" and "Preferred Server Cipher(s)"
\\
Ciphers - Perform an SSL scan on the web server and keep only the Accepted lines
  sslscan --no-failed 192.168.1.123:443 | grep Accepted
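
The scan output can be checked against the cipher string above automatically. The following is an added example, not part of the original page: it flags accepted ciphers that the string excludes by name (3DES, ADH, AECDH, DHE, EDH, RC4). The function names, the assumed sslscan column layout and the sample scan are constructed for illustration, and the ''MEDIUM'' strength class is not checked because it cannot be recognised from the cipher name.

```shell
#!/bin/sh
# Added example: flag accepted ciphers that the cipher string above excludes.
# Reads sslscan output on stdin and prints one offending cipher name per line.
flag_excluded_ciphers() {
    awk '
        {
            # Strip ANSI colour codes, which sslscan may emit around fields.
            gsub(/\033\[[0-9;]*m/, "")
        }
        # Assumed layout: Accepted <proto> <bits> bits <cipher> [extras...]
        $1 == "Accepted" || $1 == "Preferred" {
            c = $5
            # Test only the cipher field: trailing extras such as
            # "DHE 2048 bits" would otherwise match. The prefix match is
            # anchored so that ECDHE-* is not mistaken for DHE-*.
            if (c ~ /^(DHE|EDH|ADH|AECDH)-/ || c ~ /RC4/ || c ~ /3DES|DES-CBC3/)
                print c
        }'
}

# Constructed sample in the general shape of sslscan output (not a real scan).
sample_scan() {
cat <<'EOF'
  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  128 bits  RC4-SHA
EOF
}

# Return non-zero when anything is flagged, so the check can gate a job.
audit_scan() {
    bad=$(flag_excluded_ciphers)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

sample_scan | audit_scan || echo "excluded ciphers are still accepted"
```

Against a live server, pipe the scan from the page into the check: ''sslscan --no-failed 192.168.1.123:443 | audit_scan''.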
----
====== Verify HTTP Headers ======
Verify set HTTP headers, HSTS and others.
  curl --head https://mysite.domain.com/
----