Detect security vulnerabilities before anyone else does with a cloud-based web scanner.
Cyber attacks are increasing and are projected to cost businesses globally $2 trillion by 2019. The good thing is that you can manage this risk by using the right infrastructure, tools and skills.
Thousands of online businesses get attacked every day, and some of the largest hacks and attacks happened in 2016.
- Dyn DDoS attack – caused many websites to go down including Netflix, SoundCloud, Spotify, Twitter, PayPal, Reddit, etc.
- Dropbox hack – millions of user accounts were compromised
- Yahoo – data breach
- Ransomware – number of ransomware attacks
The latest Cyber Risk Report by HP reveals that 35% of tested applications had at least one critical or high vulnerability.
Hackers use multiple techniques to attack web applications, so scanners are critical for detecting vulnerabilities.
For continuous security, scan your website regularly to avoid data loss from advanced persistent threats.
The following are cloud-based web vulnerability scanners, so you don't need to install software on your server.
Detectify
Detectify checks your website for more than 500 vulnerabilities, including the OWASP Top 10.
You can integrate Detectify into your non-production environment to reveal risk items before going to production.
Detectify is trusted by thousands of companies including Trello, King, Trustpilot, BookMyShow, Pipedrive, etc.
You can run unlimited tests on demand or schedule regular scans of your website. After a scan, you can export the results as a summary or full report, and you also have the option to integrate with the following:
- Slack, PagerDuty, HipChat – get notified instantly
- Trello – get results in a Trello board
- JIRA – create an issue whenever a problem is detected
- API – integrate with your API
- Zapier – automate workflows with the Zapier integration
All findings are listed in the dashboard, so you can drill down to the risk item and take the necessary action.
Along with finding common web vulnerabilities, Detectify offers CMS security for WordPress, Joomla, Drupal and Magento. This means CMS-specific risks are covered.
So go ahead and find security risks before hackers do. You can get started with a 14-day free trial.
Acunetix
Acunetix offers an on-premises security scanner that runs on Windows as well as a cloud-based scanner. Acunetix crawls and scans your website for more than 3000 vulnerabilities and works on almost any type of website.
Acunetix uses a fast multi-threaded crawler and scanner, so your web operations are not interrupted during the scan.
If you are using WordPress, Acunetix has a unique scan feature that checks for more than 1200 plugins and misconfigurations.
Acunetix analyzes website code and configuration during a scan and points out the vulnerabilities in the report with actionable information.
Qualys
Qualys is one of the most traditional security platforms, offering not just web scanning but a suite of solutions such as:
- Malware detection
- Threat protect
- Continuous monitoring
- Vulnerability management
- PCI/Policy Compliance
- Web application firewall
- Asset view
However, this article focuses only on Web Application Scanning (WAS).
Qualys WAS is an end-to-end scanning solution that finds website vulnerabilities and misconfigurations. You can automate the scanning and get notified whenever a risk is found.
You can leverage the dynamic deep scanning feature, where you specify the network IP range and let Qualys discover the web assets.
Not all vulnerabilities are critical or high-risk, so you can prioritize them by severity and take action accordingly.
You can sign up for a trial to explore Qualys WAS.
Netsparker
Netsparker covers a large number of security checks including:
- Source code/database/stack trace/internal IP disclosure
- SQL injection
- XSS, DOM XSS
- Command/blind command/frame/remote code injection
- Local file inclusion
- Open redirection
- Web backdoor
- Weak credentials
If your website is password protected, you specify the URL and credentials, and Netsparker will automatically do what is necessary to run the scan.
It is built for the enterprise, which means you can scan thousands of websites simultaneously. Netsparker also has a desktop version for Windows.
Fortify
Fortify on Demand by HP Enterprise is a security testing and vulnerability management platform. You can manage your entire security from the centralized dashboard in five steps:
- Initiate
- Assess
- Report
- Remediate
- Retest
With Fortify, you can scan not just web-based applications but mobile applications as well. Fortify provides a detailed, easy-to-understand report:
- Executive summary of the scan
- Issue breakdown by rating & category
- Item breakdown by OWASP Top 10
- Item breakdown by analysis type
So don't ignore anything and test everything with Fortify on Demand. You can get started with a FREE trial.
Scan My Server
Scan My Server, powered by Beyond Security, offers free security testing for blogs and websites. If you are looking for a FREE solution, then this would be the best deal.
Scan My Server checks your website for many vulnerabilities including:
- XSS
- Malware
- SQL injection
- HTTP header injection
You can schedule the scan to run weekly or monthly and get notified of any findings. The vulnerability summary is categorized into High, Medium and Low risk levels.
Hacker Target
Hacker Target is different from those listed above. They host open-source vulnerability scanners and let you run a scan against your website.
They have 12 different scanners, which you can use under a simple membership plan. It sounds perfect if you want to use open-source scanners but don't want to host them on your own.
To find vulnerabilities, the following tools on offer would be useful:
- Nikto – checks your website for more than 5000 vulnerabilities and misconfigurations that could expose it to risk.
- SQL Injection Test – tests HTTP GET requests using the sqlmap tool.
- WhatWeb Scan – fingerprints the web server and other technologies used to build the web application.
The SaaS (Software-as-a-Service) scanners listed above integrate with your web applications to find vulnerabilities for continuous security. They are essential to any online business, so that you can fix weak points before someone leverages them to hack it.
If you are using WordPress, Joomla, Magento, Drupal or any blogging CMS, then you may be interested in protecting your website from online threats by using a cloud-based security provider such as Incapsula, CloudFlare, SUCURI, etc.