Architecture 101

Tech Stack

Every website is built like a Lego set. The "Tech Stack" is the specific combination of tools and frameworks used to create your site.

Identify My Stack

Instant detection of CMS, servers, and frameworks

01 Under the Hood

The "Stack" refers to the layers of software stacked on top of each other. It includes everything from the physical server (hardware) to the programming language (software) and the visual interface (frontend).

02 The "House Blueprint" Analogy

Imagine you are building a house. Your tech stack is the choice of materials and builders:

The Land (Hosting)
Where the house is built (AWS, Netlify, Vercel).

The Frame (CMS)
The basic structure (WordPress, Ghost, Shopify).

The Finish (Frontend)
The paint and furniture (React, Vue, TailwindCSS).

Knowing the blueprint helps developers build faster, but it also helps security experts find weak points.

03 The 3 Main Layers we detect

LamaniSecure looks for clues to identify these specific components:

Server & CDN

The Engine

Identifies if you use Nginx, Apache, Litespeed, or Cloudflare. Each has different security configurations.

CMS / Platform

The Brain

Detects if you're on WordPress, Drupal, or a custom-built solution. Crucial for finding platform-specific bugs.

Frameworks

The Tools

Checks for modern tools like React, Next.js, or jQuery. Helps ensure your dependencies are up-to-date.

04 The Danger of "Fingerprinting"

If your server announces Server: Nginx/1.14.0, a hacker instantly knows every bug that existed in that 2018 version of Nginx. This is why "masking" your version numbers is a common security practice.

Pro Tip: Removing headers like X-Powered-By or Server doesn't fix security issues, but it makes it harder for automated bots to find you.

05 How we identify your stack

Our scanner uses a combination of techniques to "guess" your technology:

1. Response Headers

Servers often volunteer information in their headers. We check for Server, X-Powered-By, and Via.

2. Cookie Names

Certain platforms use unique cookie names. For example, wp-settings is a dead giveaway for WordPress.

3. Modern Structural Analysis

React and Next.js leave specific attributes in the HTML (like __NEXT_DATA__). We scan your page source for these "fingerprints."

Curious about your site's foundation? Run a stack audit on the homepage to see exactly what we can detect from the outside.

06 Frequently Asked Questions

Is it bad if a hacker knows my tech stack?

Not necessarily, but it gives them a 'roadmap'. If they know you're using an old version of WordPress, they can search for specific known bugs to exploit.

How do you detect which framework I'm using?

We look for 'digital signatures'—specific HTTP headers (like X-Powered-By), unique cookie names, or structural patterns in your website's HTML code.

Can I hide my tech stack?

Yes. You can disable certain headers or use a 'Reverse Proxy' (like Cloudflare) to mask the original server information. This is called 'Security through Obscurity'.

What is 'Fingerprinting'?

It's the process of gathering many small pieces of information about a server to create a unique 'fingerprint' that identifies the exact software version running.

Know Your Stack

Identify your vulnerabilities by understanding your components.

Run a Tech Audit