Scan Your WebSite, Blog for Security Vulnerabilities, Malware, Trojans, Viruses and online threats
One of the most trending talks in Information Technologies is Web Security. Do you know 96% of tested applications have vulnerabilities
Below chart from Cenzic shows different types of the vulnerability trend found.
We often pay attention to website design, SEO, contents and underestimate the security area. As a website, blog owner web security should have higher importance than anything.
There were many questions about how to scan for website security, mobile app vulnerabilities so here you go. In this article, I will list out free tools to scan your site for security vulnerabilities, malware.
If found vulnerable, then you can always protect your website with Web Application Firewall from cloud-based security provider like SUCURI.
Scan My Server
ScanMyServer provides one of the most comprehensive reports of varieties of security test like SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more.
Scan report is notified by email with a vulnerability summary.
SUCURI is the most popular free website malware and security scanner. You can do a quick test for Malware, Website blacklisting, Injected SPAM and Defacements.
SUCURI also clean and protect your website from online threats and works on any website platforms including WordPress, Joomla, Magento, Drupal, phpBB, etc.
Qualys SSL Labs, Qualys FreeScan
SSL Labs is one of most used tools to scan SSL web server. It provides in-depth analysis of your https URL including expiry day, overall rating, Cipher, SSL/TLS version, Handshake simulation, Protocol details, BEAST and much more.
If you are running a secure (https) website, you shouldn’t wait anymore to do a quick test.
FreeScan test website for OWASP Top Risks and malware, against SCP security benchmark and much more. You need to register a free account to perform this scan.
Refer to my another post to find out SSL/TLS specific vulnerabilities.
Quttera check website for malware and vulnerabilities exploits.
It scans your website for malicious files, suspicious files, potentially suspicious files, phishTank, Safe Browsing (Google, Yandex) and Malware domain list.
Detectify is a SaaS-based website security scanner. This got 100+ automated security tests including OWASP Top 10, malware and much more.
Detectify provider 21-day free trial and you must register to perform a security scan against your website.
SiteGuarding helps you to scan your domain for malware, website blacklisting, injected spam, defacement and much more.
The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and another platform.
SiteGuarding also helps you to remove malware from your website so if you are site is affected by viruses, they will be useful.
Web Inspector scans your site and provides a thread report including Blacklist, Phishing, Malware, Worms, Backdoors, Trojans, Suspicious frames, Suspicious connections.
So, go ahead and run a scan to find out whether it is malicious or not.
Acunetix analyzes complete website for more than 500 vulnerabilities including DNS and network infrastructure from Acunetix servers.
They provide free 14 days trial, and you can register and validate your domain as explained here before the security scan.
Netsparker Cloud is an enterprise web application security scanner which scans for more than 25 critical vulnerabilities. Netsparker is free for open source project else you can request for the trial to run the scan.
You may refer my step-by-step guide on how to register for an account and perform the scan.
UpGuard Web Scan
UpGuard Web Scan is an external risk assessment tool uses the publicly available information to grade on various factors including SSL, Clickjack attack, Cookie, DNSSEC, Headers, etc. It’s still in beta but worth trying out.
Tinfoil security first audits your website against top 10 OWASP vulnerabilities and then other known security holes. You get an actionable report and an option to re-scan once you are done with necessary fixes.
Entire setup will take around 5 minutes, and you can scan even if your website is protected or behind single sign-on.
Mozilla recently introduced observatory which helps a site owner to check various security elements. It validates against OWASP header security, TLS best practices and performs third-party tests from SSL Labs, High-Tech Bridge, Security Headers, HSTS Preload, etc.
While the above tools help you to scan your website on-demand you may also wish to schedule them for an automatic security scan. One of the essentials for security is to monitor them, so you get notified whenever it’s down or hacked.