Web security is one of the most talked-about topics in information technology. Did you know that 96% of tested applications have vulnerabilities? The chart below from Cenzic shows the trend in the different types of vulnerabilities found.
We often pay attention to website design, SEO and content, and underestimate security. For a website or blog owner, web security should have higher importance than anything else. This article is a follow-up to “Apache Web Server Hardening & Security Guide”.
There were many questions about how to scan a website for security issues, so here you go. In this article, I will list free tools to scan your website for security vulnerabilities and malware.
You can always protect your website with a Web Application Firewall from a cloud-based security provider like Incapsula.
1. Scan My Server
ScanMyServer provides one of the most comprehensive reports, covering a variety of security tests such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more. The scan report is sent by email with a vulnerability summary.
2. SUCURI
SUCURI is the most popular free website malware and security scanner. You can do a quick test for malware, website blacklisting, injected spam and defacements. SUCURI cleans and protects your website from online threats and works on any type of website platform, including WordPress, Joomla, Magento, Drupal, phpBB, etc.
3. Qualys SSL Labs, Qualys FreeScan
SSL Labs is one of the most used tools for scanning an SSL web server. It provides a deep analysis of your https URL, including expiry day, overall rating, cipher, SSL/TLS version, handshake simulation, protocol details, BEAST and much more. If you are running a secure (https) website, you shouldn’t wait any longer to do a quick test.
FreeScan tests websites for OWASP Top Risks and malware, against the SCAP security benchmark, and much more. You need to register a free account in order to perform this scan.
4. Quttera
Quttera checks your website for malware and vulnerability exploits. It scans your website for malicious files, suspicious files and potentially suspicious files, and checks it against PhishTank, Safe Browsing (Google, Yandex) and Malware Domain List.
5. Detectify
Detectify is a SaaS-based website security scanner. It has 100+ automated security tests, including OWASP Top 10, malware and much more. Detectify provides a 21-day free trial, and you must register in order to perform a security scan against your website.
6. SiteGuarding
SiteGuarding helps you scan your domain for malware, website blacklisting, injected spam, defacement and much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.
SiteGuarding also helps you remove malware from your website, so if your website is affected by viruses, they will be useful.
7. Web Inspector
Web Inspector scans your website and provides a threat report covering Blacklist, Phishing, Malware, Worms, Backdoors, Trojans, Suspicious frames and Suspicious connections. So, go ahead and run a scan to find out whether it is malicious or not.
8. Acunetix
Acunetix analyzes the complete website for more than 500 vulnerabilities, including DNS and network infrastructure, from Acunetix servers. They provide a free 14-day trial, and you can register and validate your domain as explained here prior to the security scan.
9. Asafa Web
AsafaWeb provides quick scan results for Tracing, Custom errors, Stack trace, Hash DoS patch, ELMAH log, HTTP Only Cookies, Secure Cookies, Clickjacking and much more.
10. Netsparker Cloud
Netsparker Cloud is an enterprise web application security scanner which scans for more than 25 critical vulnerabilities. Netsparker is free for open source projects; otherwise you can request a trial to run the scan. Refer to my step-by-step guide on how to register for an account and perform the scan.
11. UpGuard Web Scan
UpGuard Web Scan is an external risk assessment tool that uses publicly available information to grade on various factors including SSL, Clickjack attack, Cookie, DNSSEC, Headers, etc. It’s still in beta but worth trying out.
12. Tinfoil Security
Tinfoil Security first audits your website against the top 10 OWASP vulnerabilities and then other known security holes. You get an actionable report and the option to re-scan once you are done with the necessary fixes. Setting up takes around 5 minutes, and you can scan even if your website is protected or behind single sign-on.
One of the essentials of website security is monitoring, so you get notified whenever your site is down or hacked. While the above tools help you scan your website on demand, you may also wish to schedule them for an automatic security scan.
Thank you Chandan Kumar from geekflare.com