How You Can Test Your Episerver Website's Security

Security is a big concern for any online presence, especially if you do any type of e-commerce. For any big, major enterprise-level clients, I suggest you hire a third-party pen testing company to independently test your website for vulnerabilities. However, there are a number of free tools and checks you can use yourself to help ensure your site is as secure as possible. In today's guide, I'm going to cover some of these free tools and how you can use them to test your website.

SSLLabs

SSLLabs provides a free online scanner that performs a deep analysis of your public SSL web server's configuration to test your site's security.

Depending on your hosting server's setup, you might come up with a disappointing grade. Luckily, after checking this site, I got an "A" grade ranking and my website was shown on their website. Boom! If your website fails, then you have some things you can work on. A lot of this ranking will be based on your hosting provider: have they enabled insecure protocols and encryption ciphers on your server?

SSLLabs

Sucuri SiteCheck

Sucuri SiteCheck scanner will check your website for known malware, blacklisting status, website errors, and out-of-date software.

Sucuri SiteCheck

ScanMyServer

ScanMyServer provides a pretty comprehensive report on a number of potential security vulnerabilities, like SQL Injection, Cross Site Scripting, HTTP Header Injection, etc. This tool is more PHP based, but it only takes a few seconds to run, so it can be worth the hassle.

NOTE: To get the ScanMyServer report you need to add some HTML into your website footer, so this may or may not put you off using it.

Scan My Server

ASafaWeb

Next on the list of tools is ASafaWeb. ASafaWeb will scan your Episerver/.NET based website and, based on its tests, give you a list of pass/fail notifications, with recommendations where applicable.

Even though my website is PHP based, it can still scan it. It will do some basic checks, like making sure tracing is disabled and ELMAH logs are not public facing; HTTP cookies etc. will be flagged.

ASafaWeb

Security-headers.io

Security-headers.io will scan your website and check whether you've implemented strategies to prevent things like cross-site scripting (XSS).

The Security-headers.io report will warn you about things like your Content-Security-Policy, X-Frame-Options, X-XSS-Protection and X-Content-Type-Options.

securityheaders.io

CSP Analyser

The CSP analyser will analyse the 'content security policy' of your site and tell you how good it is.

CSP Analyser

Quttera

Quttera is another tool that will check your website for malware and vulnerability exploits. Quttera will scan your site for malicious files, suspicious files, potentially suspicious files, PhishTank, Safe Browsing (Google, Yandex) and Malware Domain List.

Quttera

Jon D Jones

Software Architect, Programmer and Technologist Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger by heart, speaker & consultant from England, always on the hunt for the next challenge.
