09 Jul Run A Website Security Checkup With These Free Tools
Running a website security checkup sometimes falls into the category of “Everything’s fine now, so I’ll do it later,” but we all know that it probably shouldn’t.
Many webmasters and small business owners tend to procrastinate the task of routinely checking the security of a website for the same few reasons:
- They think it’s too expensive
- They don’t know what technology they should use or how to start
- There’s too much technical jargon surrounding website security
Together, the above three factors create a perfect storm to delay critical website security tests, which could potentially prevent worse issues down the road.
Let’s put it this way—we all know that we should floss our teeth on a daily basis. Three to five minutes a day and a short stint of swollen gums is a worthwhile investment versus having to go through the much more drastic physical and financial agony of a root canal.
This same thought process should apply to website security. And guess what? Running a quick checkup will cost you less than a trip to the pharmacy for a new roll of Oral B Glide.
Here’s the shortlist of some of our favorite free tools to test website security:
Free tools to test website security
Succuri provides a free website malware and security scanner that also checks blacklisting status, website errors, and out-of-date software.
SSL Labs is a collection of documents, tools and thoughts related to SSL. Per Ivan Ristić, Qualys, it’s an attempt to better understand how SSL is deployed, and an attempt to make it better.
Use SSL Server Test to get important https details including the validity and algorithm behind your certificate, protocol details, cipher suites, and handshake simulation.
Comodo’s cWatch a.k.a The Web Inspector uses advanced malware detection technologies to identify viruses and malicious code on a web page. It is a cloud-based service that can detect continuous security threats and attacks on e-commerce websites.
The Web Inspector also utilizes sophisticated technologies such as dynamic page analysis, signature based detection, buffer overflow detection, and heuristic detection techniques.
“Web Scanning doesn’t have to suck,” says Tinfoil Security, a company that provides simple, easy to use security tools.
As a way to market these tools, and show that they don’t suck, Tinfoil provides a free scanner that checks for the OWASP Top 10 Web Application Security Risks, as well as other known and zeroday vulnerabilities.
One of the smartest things about Tinfoil’s scanner is that they require verification of your website before sharing the results of your report.
“Your vulnerabilities are sensitive information, and we’d never want anybody to have access to this data without your permission,” you’ll read after your scan completes. Fortunately, there are a few different verification options, and it’ll only take about 5 minutes to complete your account set up.
While the above tools can help scan various areas of your website as required, they aren’t foolproof.
The insights that you’ll gain will definitely push you in the right direction—and at the very least—give you a starting point to dig deeper into the various vulnerabilities that max exist on your website.
Remember: there are many different layers to web security and there isn’t one simple solution to protecting your files, databases, and end user experience.
Always be alert. Always run frequent backups. Always change your passwords. And always have a recovery plan. Because being adequately informed and prepared are still the best free tools hands down.