Why don't you detect my software stack?

One of our most common recommendations to our customers is to lie about what software stack they're running. That is, if you're running Apache as your web server, make the headers say you're running IIS. This is what is called "security through obscurity" and is definitely not something to be relied on as a protection mechanism, but doesn't hurt to deter an attacker or make it more difficult and time-consuming for an attacker to breach your website. The analogy we often use is that even with a Toyota master key, a car thief probably wouldn't use it on a BMW... or a Toyota that looked like a BMW. :)

As such, it wouldn't make sense for us to try and detect your software stack since our recommendation is for you to lie. We ask you to tell us what software stack you're running so we can tailor our results to it and make them easier to understand and act upon, but we don't auto-detect the stack so as not to confuse you with results that aren't relevant to you.

As always, if you have any questions or issues at all, please feel free to Contact Us and we'll be more than happy to assist.

Still need help? Contact Us Contact Us