Swiss-based web security company ImmuniWeb, known until recently as High-Tech Bridge, on Monday announced the availability of a free tool designed for testing websites.
The new Website Security Test tool checks sites for PCI DSS compliance (6.2, 6.5 and 6.6 requirements), it analyzes the content management system (CMS), checks the web server and content security policy (CSP), and looks for privacy issues.
Specifically, the tool checks if a web application firewall (WAF) is present, if the CMS and its components are up-to-date, if the JavaScript components are up-to-date, if cookies are properly configured, if web server directory listing is enabled, and if cryptojacking malware is detected.
The tool also looks at HTTP headers related to security, encryption and privacy, and CSPs designed to prevent cross-site scripting (XSS), cross-site request forgery (CSRF), ransomware, and cryptojacking attacks.
Once the test has been completed, a score is calculated and a grade between A+ and F is assigned. Users are also provided a report describing the problems found on the website.
“Initially designed for SMEs and organizations with nascent application security testing programs, large organizations with mature DevSecOps programs can also benefit from the service to quickly run hundreds of daily scans ensuring essential security and compliance of external web applications,” ImmuniWeb said.
ImmuniWeb’s solutions allow organizations to discover all their external applications and web services, conduct security and privacy assessments for websites and mobile applications, and continuously monitor security, compliance and integrity of a web application.
The company also offers several other free tools, including for testing the security of mobile applications, finding phishing websites, and testing a site’s SSL/TLS security and implementation.
“Our free community offering enables our company to maintain sustainable relations with the community, get valuable feedback and actionable data on the global state of application security. We are excited to see a steadily growing number of users, many of whom later become commercial customers for our ImmuniWeb AI offering,” said Ilia Kolochenko, CEO and founder of ImmuniWeb.
Related: NSA Makes Reverse Engineering Tool Freely Available
Related: Kaspersky Lab Launches New Threat Intelligence Tool
Related: Dragos Acquires NexDefense, Releases Free ICS Assessment Tools