Top 10 Free Tools to Scan Website Security Vulnerabilities & Malware

Website security is often neglected and usually considered after the damage is done. Webmasters don’t have time (are not paid) to constantly update web scripts and ensure website security. Then one not-fine day the forgotten site gets defaced, compromised, used for malicious activities and what not else…

Neglected website security can ruin your site and online presence, not to mention business. It can even put you under cyber criminal investigation if your site has been used for web attacks, scams and / or other malicious activities which is very often the case.

Website security is not necessarily expensive nor time-demanding. If you stick to some basic principles you can have a healthy website without too much trouble. While a book can be (and has been) written about website security you should be fine by just:

• Stick to as few web scripts as possible. If necessary, sacrifice some functionality but avoid installing exotic third party extensions. Having less scripts will ensure much easy update to newer versions. Try to stick only to software which you know how to update.
• Regularly check for updates your web scripts.
• Try to limit the admin access to your scripts only to your local IP.

Indusface WAS (Web Application Scanning)

Indusface WAS provides a comprehensive unlimited automated security scanning for web applications. It provides detailed coverage of OWASP top 10 vulnerabilities and can-do automated audits with authenticated scans on new age websites/single page applications. Indusface optionally provides the following two additional add-on services with their scanner:

1. Tight two-way integration with their own WAF to provide instant managed virtual patching for identified vulnerabilities (not protected with out of box WAF core rule sets). Data from the live WAF traffic is feed into the automated scanner to increase crawler coverage.
2. In addition to automated scanning, manual penetration testing is also included; the results of which are shown in the same centralized portal. The manual penetration testing results are also used to keep improving the coverage and test cases on subsequent automated scans after a manual PT is done.

Anyone can get a comprehensive free scan done by signing up to Indusface WAS or subscribe to AppTrana Basic’s free twice a month automated scan for the whole year.

SCANMYSERVER

Find security weaknesses in your website and web servers, free. Indentify problems like malware, SQL injection and XSS (cross site scripting).

SITECHECK.SUCURI

Sucuri SiteCheck is a free website security scanner. Remote scanners have limited access and results are not guaranteed. For a full scan, contact our team.

SSLLABS

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

QUALYS

Qualys, Inc. helps your business automate the full spectrum of auditing, compliance and protection of your IT systems and web applications.

QUTTERA

Free online heuristic URL scanning and malware detection. Scan websites for malware, exploits and other infections with quttera detection engine to check if the site is safe to browse. Check website for malicious pages and online threats. Monitor websites/domains for web threats online. Security tools for webmasters.

DETECTIFY

Detectify is a website vulnerability scanner that performs tests to identify security issues on your website. Let us find vulnerabilities for you before hackers do.

SITEGUARDING

Get professional security tool for your website, detecting malwares on the website and removal services, website backup services, daily website file scanning and file changes monitoring, protect your website from hackers, antivirus for website.

WEBINSPECTOR

Online Website Malware Scanner from Web Inspector is a free web page scanner that detects and reports website related malware threats. Scan Instantly Free.

ACUNETIX

Acunetix Online performs a full web and network vulnerability scan from Acunetix servers.

ASAFAWEB

Welcome to ASafaWeb, the Automated Security Analyser for ASP.NET Websites. The purpose of ASafaWeb is to make scanning for common configuration vulnerabilities in live ASP.NET websites dead easy. To that effect, you don’t need anything more than a URL to get started and ASafaWeb will head off and report on anything it can find which is remotely detectable.

NETSPARKER

Automatically find vulnerabilities in your websites & web applications, and eliminiate false positives with Netsparker’s dead-accurate web security scanner.

UPGUARD

Understand your IT Configuration State. De-risk change. Prepare your apps for the cloud. Become an IT Rockstar!

TINFOILSECURITY

Tinfoil Security provides a simple website application security solution by routinely monitoring and checking for vulnerabilities using a constantly updated scanner.