One of the most talked-about topics in the IT world is website security. Did you know that 96% of the applications I tested had vulnerabilities?
Below is a chart from Cenzic showing the different types of vulnerability trends found.
There are many questions about how to scan a website for security issues. In this article I will list free tools to scan a site for security vulnerabilities and malware.
If it turns out to be vulnerable, then we can always protect the website with a Web Application Firewall (WAF) from a cloud-based security provider like Sucuri, Cloudflare or Stackpath.
1. ScanMyServer
ScanMyServer presents the most comprehensive reports on a variety of security tests such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and many more.
2. Sucuri
Sucuri is the most popular free website security and malware scanner. We can do a quick test for malware, blacklisting, spam and defacement.
Sucuri also cleans and protects websites from online threats and can run on any website platform including WordPress, Joomla, Magento, Drupal, phpBB, etc.
3. Qualys SSL Labs, Qualys FreeScan
SSL Labs is one of the most used tools to scan a site's SSL certificate. It provides an in-depth analysis of a site's HTTPS URL, including expiration date, rating, cipher, SSL/TLS version, handshake simulation, protocol details, BEAST and more.
If your site uses SSL, you should do this SSL test.
4. Quttera
Quttera checks websites for malware exploits and security vulnerabilities.
Quttera scans the website for malicious files, suspicious files and potentially suspicious files, and checks it against PhishTank, Safe Browsing (Google, Yandex) and lists of domains containing malware.
5. Detectify
Detectify is a SaaS-based website security scanner. We will get 100+ automated security tests including OWASP Top 10, malware and more.
Detectify offers a 14-day free trial, but you'll need to sign up to run the scan.
6. SiteGuarding
SiteGuarding helps scan domains for malware, blacklisting, spam, defacement and more.
This scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.
SiteGuarding also helps remove malware if the site is infected.
7. cWatch Comodo
cWatch scans sites and provides vulnerability reports covering blacklists, phishing, malware, worms, backdoors, trojans, suspicious frames and suspicious connections.
8. UpGuard Web Scan
UpGuard Web Scan is an external risk assessment tool that uses available information to assess various factors including SSL, clickjacking attacks, cookies, DNSSEC, headers, etc.
9. Tinfoil Security
Tinfoil Security first audits the website for the OWASP Top 10 vulnerabilities and then for other known security vulnerabilities. We'll get an actionable report and an option to re-scan once we're done with the necessary fixes.
10. Mozilla Observatory
Mozilla introduced Observatory, which helps site owners check various security elements. It validates against OWASP security headers and TLS, and runs third-party tests from SSL Labs, High-Tech Bridge, Security Headers, HSTS Preload, etc.