There are many different HTTP servers out there, mainly Apache and Nginx.

Each has its own security recommendations, which you’ll find on their respective pages, but there is a set of security tools that can be used on both.


Get recommendations on your server’s TLS implementation.

In the example below, is my local apache.

$ pip3 install sslyze
$ python3 -m sslyze --regular


Scan your web server for known vulnerabilities.

$ git clone
$ ./nikto/program/ -host