How To Scan and Check Your Website Security
Protecting your website is as important as keeping it current and one tool to help you do that is the website scan. It is an essential tool to check a website’s security and everyone should use it.
You might not think a hacker would target your website. You may not offer a shopping cart or keep logins or hold any customer data. Yet your site still has worth to a hacker. Plus, who needs the reputation damage of having their website compromised?
Hacked websites can be used to:
- Form part of a spam email relay
- Act as a temporary web server for hacking
- Act as part of a botnet
- To serve drive-by malware to visitors
- Mine for Bitcoins
To avoid these kinds of risks, a security scan will identify weaknesses before hackers do.
Website security scan
To be able to accurately assess how secure a website is, a scan will check all the typical paths a hacker would use to attack your site. This will give you an idea of your weaknesses and vulnerabilities so you can do something about them. A security scan is something every website owner should do before they go live or as soon as possible after launch.
It is straightforward, free and can save a lot of hassle and heartache!
Here are some very capable services that perform scans on your website to assess its vulnerabilities. All you need do is enter the URL of your website into the search box on each of these scanners. The program will then check the main vectors a hacker will search for when checking out your site. You can then take remedial action as necessary to improve security.
Mozilla Observatory was invented by the people behind the Firefox browser to test their own websites. It went down so well that the company decided to open it up to the public.
Observatory will check your website for cookie security flags, Cross-Origin Resource Sharing (CORS), Content Security Policy (CSP), HTTP Public Key Pinning, HTTP Strict Transport Security (HSTS), redirections, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection and a lot of other stuff. It is quite the comprehensive security scanner. It is free too.
Sucuri SiteCheck is another well-established security platform supported by a big mover in web and network security. It checks for malware, redundant plugins, out of date software, blacklisting and configuration errors. While not as in-depth as Observatory or Scan My Server, the malware scanning element is a useful one.
Sucuri SiteCheck is obviously used to promote the company’s core products but does not diminish the utility this free check offers. Well worth trying if you don’t have any malware protection installed.
Scan My Server
Scan My Server is one of the most established security scanners around. Managed and run by Beyond Security, it also checks websites for vulnerabilities. It performs different checks to Observatory, so it might be worth running these two one after the other for best results.
Scan My Server checks SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection, XSS and a range of other vulnerabilities to keep your site safe.
SSL Server Test
If you use SSL to protect your users, SSL Server Test will be useful. It checks the configuration of your web server to ensure everything is up to scratch. It will check the certificate expiry, overall rating, Cipher, SSL/TLS version, Handshake simulation, Protocol details, BEAST and pretty much everything to do with SSL certification.
With more websites embracing SSL and more surfers demanding it, this test is a very useful one to make sure your certificate is doing what it should.
Foregenix will then generate a report on screen but will also email you a PDF of the results for later study. Like all of the scanners in this list, it is quite comprehensive and fast too.
Knowing your own weaknesses before a hacker finds them is the most effective security technique there is. You can them react appropriately and plug those gaps and strengthen against vulnerabilities as you can. There are lots of free and premium products out there that will protect your website from harm.
Don’t forget, to run the tests again once you have taken action to ensure your fixes have done the job. Run a quick scan every time your platform is updated or you make significant changes to your website. For the time it takes, it is a practice well worth getting into the habit of doing.