Free test checks website security and PCI DSS compliance
Monday, April 29, 2019
Good website security is essential to give customers confidence in your business, but for smaller organizations testing can prove difficult.
To address this issue, security testing and risk rating company ImmuniWeb is launching a free website security test that can be used by anyone.
When run the test verifies PCI DSS requirements, fingerprints versions of over 100 most popular CMS, web frameworks and over 165,000 of their plugins, and runs a comprehensive vulnerability check for all known vulnerabilities in the fingerprinted software.
In addition it checks over 20 HTTP headers related to security, encryption or privacy for strong configurations in line with industry best practices, including ones from OWASP. It also assess Content Security Policy (CSP) to prevent some XSS and CSRF exploitation vectors, as well as variations of ransomware and Cryptojacking attacks.
Ilia Kolochenko, CEO and Founder or ImmuniWeb, says, "Our free community offering enables our company to maintain sustainable relations with the community, get valuable feedback and actionable data on the global state of application security. We are excited to see a steadily growing number of users, many of whom later become commercial customers for our ImmuniWeb AI offering."
So far, among almost 40 million public websites tested using the tool, only 9.74 percent contain up to date software, 2.07 percent satisfy the PCI DSS requirements, and as few as 2.39 percent are protected with a WAF.
You can access the test on the ImmuniWeb site. Read Full Article
Silicon UK: Wipro Hires Forensic Firm After Hack
Help Net Security: Hackers used credentials of a Microsoft Support worker to access users’ webmail