
THIRD PARTY ONLINE SCANS

There are a number of useful, free third-party website scanners available which can be a great addition to your toolbox.

Here we will look at three offerings from Foregenix, Sucuri and SSL Labs.

Foregenix

Founded in 2009 with a team specialising in digital forensics, the company developed extensively into compliance and risk services. Specifically, they have a history of providing security solutions to their customers.

They provide a free website Security Check which “determines how vulnerable your website is to being hacked. It is also capable of detecting if your site has already been compromised.”

The first section gives a Risk indicator and tag; in the example below we see a risk indicator of 35, Low Risk. The scanner provides a list of the scan results under the headings of Vulnerabilities, Blacklist, Website Overview and SSL Certificate. Here you can easily see if there is anything that requires further attention.

Below this is a more detailed 5-step breakdown of the results: Vulnerabilities, Blacklist, Website Overview, SSL Certificate and a fifth step which involves employing Foregenix to undertake a 30-day Website Health Check service (price available).

Sucuri

Founded in 2010, Sucuri originally provided webmasters with a tool that gave them visibility into the security stats for their websites. In 2010, Sucuri became an LLC and now has over 100 employees in 27 different countries.

“Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.”

Sucuri highlights a couple of results at the top, for example ‘Site is not Blacklisted’, and gives a security rating on a sliding scale ranging from Minimal to Critical. The scan then provides two lists headed Website Malware & Security and Website Blacklist Status, illustrating with a simple tick if there are any issues that may need following up on.

Lastly, it lists any Hardening Improvements, for example outdated TLS or a leaked PHP version.
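To make the two hardening examples above concrete, here is an added sketch (not Sucuri's code, and not from the original page) that flags the same kinds of finding from data you already hold about your own site. The header list, the set of protocols treated as outdated, and the sample values are assumptions made for this example.

```python
import re

# Protocol names treated as outdated (this example's assumption).
OUTDATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Response headers that often carry a product/version token (assumed list).
DISCLOSURE_HEADERS = ("x-powered-by", "server")
# Matches tokens such as "PHP/7.2.34" or "Apache/2.4.41".
VERSION_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*)")

# Constructed sample data, not taken from a real site.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.34",
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]


def hardening_findings(headers, accepted_protocols):
    """Return hardening findings for one site.

    headers: mapping of response header name -> value.
    accepted_protocols: protocol names the server is known to accept.
    """
    findings = []
    for proto in accepted_protocols:
        if proto in OUTDATED_TLS:
            findings.append(f"outdated protocol accepted: {proto}")
    # Header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    for name in DISCLOSURE_HEADERS:
        for product, version in VERSION_RE.findall(lowered.get(name, "")):
            findings.append(f"{name} leaks {product} version {version}")
    return findings


if __name__ == "__main__":
    for finding in hardening_findings(SAMPLE_HEADERS, SAMPLE_PROTOCOLS):
        print(finding)
```

A server that only sends a bare `Server: nginx` header and accepts only TLSv1.2 and TLSv1.3 produces no findings.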

SSL Labs

SSL Labs is a collection of documents, tools and thoughts related to SSL. It’s an attempt to better understand how SSL is deployed, and an attempt to make it better. I hope that, in time, SSL Labs will grow into a forum where SSL will be discussed and improved.

SSL Labs is a non-commercial research effort, and we welcome participation from any individual and organization interested in SSL.

–Ivan Ristić, Qualys

The SSL Server Test performs a deep analysis of the configuration of your SSL web server.

Once the test is complete, you are presented with a number of easy-to-read results.

It provides an overall rating (A, B, C, etc.) and breaks down the results as bar graphs for Certificate, Protocol Support, Key Exchange and Cipher Strength.

It then provides the certificate information, including the valid from and to dates, the key and whether the certificate is trusted.

Following this we can see a breakdown of the configuration of the SSL certificate, which highlights any potential (not necessarily security) issues with the Protocols and Cipher Suites, plus a Handshake Simulator, again highlighting potential issues or weaknesses.

Each of the above third-party online scanners offers a great additional tool to help determine if there are any issues or potential issues with your website.