5 Online Scanners to Help Secure Your Website
When building websites, security should be a primary factor. Today, I provide five scanners to assist in making your site more secure.
Back in 90's, everyone started getting into web development and it was considered the wild west.
Security wasn't even a thought because everyone was testing the waters with what this Internet thing was.
Seven years ago, I mentioned how to secure web applications by recommending everyone read Troy Hunt's post on how to protect yourself as a .NET developer (even better...watch his PluralSight course on OWASP Top 10 Web Application Security Risks for ASP.NET).
Fast forward to today.
When you do business on the Internet, your first priority should be to your customers and the security of their information.
However, when a business is starting out, most can't afford to hire a web security specialist. If you hire a web specialist to build your site, they should have a solid understanding of how to secure a website.
Today, I'll go over some simple web security analyzers to examine your site and give you an idea how secure your site really is for your users.
This free online tool scans your website and searches for Blacklist, Worms, Backdoors, Trojans, and Malware on your site.
Once you realize you have these on your site, I would definitely contact my web administrator and networking team to fix these issues.
If you have a secure site using SSL, pay particular attention to this Qualys SSL Labs.
This free service performs a deep configuration analysis of any SSL server on the web. It confirms whether everything was setup properly or not.
There are times where a third-party comes in and sets up an SSL certificate for your site, then they leave.
This site confirms whether it was setup properly or not.
Another great malware and vulnerabilities online site checker.
It looks for malicious and suspicious files and looks for the domain in a Malware domain list.
If your site is on the malware list, you may have to perform some housecleaning on your site.
For Microsoft sites, ASAFAWeb is one of my favorites. It was developed by Troy Hunt (@TroyHunt) and stands for Automated Security Analyser for ASP.NET Websites.
It provides a detailed report by scanning a Microsoft-based site and determines if you have closed off any holes specific to your technology. For example, Clickjacking or turning off your ELMAH recorder.
For anyone building ASP.NET web sites, you want to have this site handy to scan your site from the outside in.
At first glance, this has a Google-like feel to it.
Mainly because it's a simple process. Enter in your website URL and it's off and analyzing.
The UpGuard Scanner allows a person to enter a URL and scan a website to grade it on various factors including SSL configuration, Cookies, and Headers just to name a few.
They also give you a security grade so you can keep coming back to check on your progress.
I see these sites as the start of something bigger where cyber security specialists come into a company, run a set of tools against a URL, and determine whether it's secure or not.
These types of tools are meant to run on a monthly basis especially when monthly updates or releases are pushed out to the public.
Additional Reading Material
Did I miss some online tools that you use? Post your comment below and let's discuss.