Web Infrastructure

WebSphere
Optimization

Tomcat/Weblogic

Apache HTTP

Nginx

IHS/IIS

UNIX

Networking/CDN

Blogging
WordPress

Joomla

Web Security

12 Online Free Tools to Scan Website Security

Vulnerabilities & Malware
B y C h an dan Kum a r | L ast upd ated: Jul y 15, 20 16

Share

Tweet

Stumble

o 56

SHARES

Scan Your WebSite, Blog for Security Vulnerabilities, Malware, Trojans, Viruses and
online threats

One of the most trending talks in Information Technologies is Web Security. Do you know 96% of tested
applications have vulnerabilities? Below chart from Cenzic shows different types of the vulnerable trend found.

We often pay attention to website design, SEO, contents and underestimate the security area. As a website,
blog owner web security should have higher importance than anything. This article is in response to Apache
Web Server Hardening & Security Guide.

56
SHARES

Share

There were many questions how to scan for website security so here you go. In this article, I will list out free
tools to scan your website for security vulnerabilities, malware.

Tweet

You can always protect your website with Web Application Firewall from cloud-based security provider like
Incapsula.

Stumble

Tools Lists
1. Scan My Server
2. SUCURI
3. Qualys SSL Labs, Qualys FreeScan
4. Quttera
5. Detectify
6. SiteGuarding
7. Web Inspector
8. Acunetix
9. Asafa Web
10. Netsparker Cloud
11. UpGuard Web Scan
12. Tinfoil Security

56

1. Scan My Server

SHARES

ScanMyServer provide one of the most comprehensive reports of varieties of security test like SQL Injection,

much more. Scan report is notified by email with vulnerability summary.

Share

Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and

Tweet

Stumble

2. SUCURI

SUCURI is the most popular free website malware and security scanner. You can do a quick test for Malware,
Website blacklisting, Injected SPAM and Defacements. SUCURI clean and protect your website from online
threats and works on any type of website platforms including WordPress, Joomla, Magento, Drupal, phpPP,
etc.

3. Qualys SSL Labs, Qualys FreeScan

SSL Labs is one of most used tools to scan SSL web server. It provides deep analysis of your https URL
including expiry day, overall rating, Cipher, SSL/TLS version, Handshake simulation, Protocol details, BEAST
and much more. If you are running a secure (https) website, you shouldnt wait anymore to do a quick test.

FreeScan test website for OWASP Top Risks and malware, against SCP security benchmark and much more.
You need to register a free account in order to perform this scan.

4. Quttera
Quttera check website for malware and vulnerabilities exploits. If scan your website for malicious files,
suspicious files, potentially suspicious files, phishTank, Safe Browsing (Google, Yandex) and Malware domain
list.

5. Detectify
Detectify is a SaaS-based website security scanner. This got 100+ automated security tests including OWASP
Top 10, malware and much more.Detectify provider 21-day free trial and you must register in order to perform
security scan against your website.

6. SiteGuarding
SiteGuarding helps you to scan your domain for malware, website blacklisting, injected spam, defacement and
much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and
another platform.

SiteGuarding also helps you to remove malwarefrom your website so if you are website is affected by viruses,
they will be useful.

7. Web Inspector
Web Inspector scans your website and provides thread report including Blacklist, Phishing, Malware, Worms,
Backdoors, Trojans, Suspicious frames, Suspicious connections. So, go ahead and run a scan to find out
whether it is malicious or not.

8. Acunetix
Acunetix analyzes complete website for more than 500 vulnerabilities including DNS and network infrastructure
from Acunetix servers. They provide free 14 days trial and you can register and validate your domain as
explainedhereprior to the security scan.

9. Asafa Web
AsafaWeb provides quick scan results of Tracing, Custom errors, Stack trace, Hash Dos Patch, EMLAH log,
HTTP Only Cookies, Secure Cookies, Clickjacking and much more.

10. Netsparker Cloud

Netsparker Cloud is an enterprise web application security scanner which scans for more than 25 critical
vulnerabilities.Netsparker is free for open source project else you can request for the trialto run the scan.
Refer my step-by-step guide on how toregister for an account and perform the scan.

11. UpGuard Web Scan

UpGuard Web Scan is external risk assessment tool uses publicly available information to grade on various
factors including SSL, Clickjack attack, Cookie, DNSSEC, Headers, etc. Its still in beta but worth trying out.

12. Tinfoil Security

Tinfoil security first audits your website against top 10 OWASP vulnerabilities and then other known security
holes. You get actionable report and option to re-scan once you are done with necessary fixes. Setting up will
take around 5 minutes and you can scan even if your website is protected or behind single sign-on.

One of the essentials for security is to monitor them so you get notified whenever its down or hacked. While
above tools help you to scan your website on-demand you may also wish to schedule them for an automatic
security scan.

I hope above list helps you to perform security scanning against your website.Do share with your friends if you
find this useful.

HELPMEONFACEBOOK!
IfyoufindthishelpfulthenpleaselikeonFacebook!

STAYUPTODATEWITHMYLATESTPOST
Enter your email here

Share

JOINNOW

Tweet

Stumble

o 56

SHARES

Random thoughts!
Five Essential Tools to Perform Stress Test Online
How to transfer WordPress from DigitalOcean to Linode?
How to redirect Website from HTTP to HTTPS?
Online Tools to Help You in Troubleshooting 3 Critical Web Application Issues
11 cURL Command Usage with Real-Time Example

Comments
Sam says
AUGUST 7, 2015 AT 9:17 PM

Nice! Thanks
Reply

Chandan Kumar says

AUGUST 17, 2015 AT 9:23 PM

Your welcome, Sam.

Reply

Prashant says
SEPTEMBER 24, 2015 AT 2:53 PM

Hi Chandan I hope you are doing great.Actually I am facing some issues while I tested application on IBM web
app scan There are two issues are left over.One is remove test scripts from server and second is to use only
http cookie.
How can I remove these two vulnerabillity from my application.Help me out .
Reply

Chandan Kumar says

SEPTEMBER 24, 2015 AT 4:58 PM

Hello Prashant,
I am doing well and hope you are too.
For HTTP Cookie you can follow this guideline https://geekflare.com/httponly-secure-cookie-apache/

For Test Script You need to find out the script on server and simply move it somewhere.
Reply

Didier says
OCTOBER 6, 2015 AT 8:14 PM

Thanks for the list I am in fact using another company that does not listed and I believe it can provide an
added value to add it to your list of company that provide both web application vulnerability scanner and
malware detection, http://www.gamasec.com a company that provide a very good level of expertise providing
both reports and option of remediation services
Thanks D
Reply

Chandan Kumar says

OCTOBER 7, 2015 AT 9:44 PM

Thanks for stopping by Didier. I will take a look.

Reply

sunita wadekar says

DECEMBER 10, 2015 AT 3:47 PM

Hello Chandan,
How are you? I am doing seo from almost 3 months, and before few days my site was hacked but now that
issue has been resolved. But now getting 404 errors in my webmaster. please tell me how to fix that 404 erros
from website. how to remove unwanted files from websiteplease tell me. I just want to remove that hacked
files from my website..!! how to remove?
Reply

Chandan Kumar says

FEBRUARY 17, 2016 AT 9:27 PM

Hello Sunita,
Its bit manual and lengthy process and differ from server to server. You may opt for service from SUCURI
which helps in cleaning malware and recover from hacked website.
Reply

Sunita Wadekar says

FEBRUARY 27, 2016 AT 6:37 PM

Thanks so much
Reply

Chandan Kumar says

FEBRUARY 28, 2016 AT 9:07 PM

Your welcome!
Reply

Jack Martin says

MARCH 23, 2016 AT 5:26 PM

Very informative post and it was quite helpful to me. I also wrote something on similar lines on best security
testing tools.

Reply

Al Rashid says
APRIL 5, 2016 AT 1:34 PM

Its a excellent article. got lot of information.

Reply

GeekFlare says
APRIL 6, 2016 AT 7:15 PM

Nice!
Reply

Tabea says
APRIL 23, 2016 AT 6:53 PM

We scanned our homepage on all these scanning-website. Thank you very much for this informative and
helpful article.
Reply

GeekFlare says
APRIL 23, 2016 AT 7:14 PM

Thats great. Thanks for visiting Tabera.

Reply

putlocker says
MAY 26, 2016 AT 12:42 AM

good post very intersting for my website

Reply

Leave a Reply

Comment

Name *

Email *

Website

Post Comment

I am not a spammer

>Sponsor this site

About

Contact
Sitemap

Terms of Service
Privacy
Disclosure

Category

Select Category

Search

Search this website

2016 Geek Flare All Rights Reserved.