10 Free Online Tools to Scan Website Security

Must read:

Ferdian Alfianto

Ferdian Alfianto

Ferdian Alfianto is an Internet enthusiast, Mac Lover; likes using Wordpress, experimenting with Linux (especially Debian and Ubuntu), tinkering with pfSense routers, happy experimenting with LEMP (Linux, Nginx, MariaDB, PHP) and Redis. You can contact me here.

One of the most trending talks in the IT world is Website Security. Did you know, the 96% applications I tested had vulnerabilities.

Below is a chart from Cenzic showing the different types of susceptibility trends found.

Cenzic chart

There are many questions about how to scan a website for security, in this article I will list a free tool to scan a site for security vulnerabilities and malware.

If it turns out to be vulnerable, then we can always protect the website with a Web Application Firewall (WAF) from a cloud-based security provider like Sucuri, Cloudflare or Stackpath.

1. ScanMyServer

ScanMyServer presents the most comprehensive reports on varieties of security tests such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and many more.

ScanMyServer
ScanMyServer display

2. Sucuri

Sucuri is the most popular free website security and malware scanner. We can do a quick test for Malware, blacklisted sites, SPAM and Deface.

Sucuri also cleans and protects websites from online threats and can run on any website platform including WordPress, Joomla, Magento, Drupal, phpBB, etc.

Sucuri Scanner
Sucuri Scanner

3. Qualys SSL Labs, Qualys FreeScan

SSL Labs is one of the most used tools to scan a site's SSL certificate. It provides an in-depth analysis of a site's https URL; including expiration date, rating, Cipher, SSL / TLS version, Handshake simulation, protocol details, BEAST and more.

If your site uses SSL, you should do this SSL test.

Qualys SSL Labs

4. Quttera

Quttera check websites for malware exploits and security vulnerabilities.

Quttera scans the website for malicious files, suspicious files, potentially suspicious files, phishTank, Safe Browsing (Google, Yandex) and lists of domains containing Malware.

Quttera

5. Detectify

Detectify is a SaaS based website security scanner. We will get 100+ automated security tests including OWASP Top 10, malware and more.

Detectify is giving a 14 day free trial, but you'll need to sign up for the scan.

6. SiteGuarding

SiteGuarding Helps to scan domains for malware, blacklisted sites, spam shots, defaces and more.

This scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.

SiteGuarding also helps remove malware if the site gets a virus.

SiteGuarding

7. cWatch Comodo

cWatch scans sites and provides vulnerability reports including Blacklists, Phishing, Malware, Worms, Backdoors, Trojans, suspicious frames, suspicious connections.

8. UpGuard Web Scan

UpGuard Web Scan is risk assessment tool externals use available information to assess various factors including SSL, Clickjack attacks, Cookies, DNSSEC, Headers, etc.

UpGuard

9. Tinfoil Security

Tinfoil Security it will initially audit the website for 10 OWASP vulnerabilities and then further known security vulnerabilities. We'll get an actionable report and an option to re-scan once we're done with the necessary fixes.

Tinfoil

10. Mozilla Observatory

Mozilla introduces Observatory which helps site owners to check various security elements. It validates against OWASP, TLS header security and performs third party tests from SSL Labs, High-Tech Bridge, Security Headers, HSTS Preload, etc.

Facebook
Twitter
WhatsApp
Telegram
E-mail

Latest articles:

www
Internet

World's First Website

On 6 August 1991, without fanfare, British computer scientist Tim Berners-Lee published his first website while working at CERN, the large particle physics laboratory.

Related article:

8 Best Free Password Manager 2019

Password manager is an application that helps us create good and strong passwords, store them with layered security & encrypted, both stored on a local hard disk

11 Places To See Real-Time Cyber Attacks

It is quite exciting to monitor cyber attack activity in real-time around the world. Thousands of websites are hacked every day because of files or plugins

Tips for Securing a Linux Server or VPS

The server or VPS that we use to host our website is connected to the Internet, anyone can access it. To protect against access by ignorant hands, we need to