How You Can Test Your Episerver Website's Security

Security is a big concern for any online presence, especially if you do any type of e-commerce. For any major enterprise-level clients, I suggest you hire a third-party testing company to independently test your website for vulnerabilities. However, there are a number of free tools you can use and checks you can run yourself to help ensure your site is as secure as possible. In today's guide, I'm going to cover some of these free tools and how you can use them to test your website.


SSLLabs provides a free online scanner that performs a deep analysis of the configuration of your public SSL web server to test your site's security. Depending on your hosting server's setup, you might come up with a... disappointing grade. Luckily, after checking this site, I got an "A" grade ranking and my website was shown on their website... boom! If your website fails then you have some things you can work on. A lot of this ranking will be based on your hosting provider: have they enabled insecure protocols and encryption ciphers on your server?

Sucuri SiteCheck

The Sucuri SiteCheck scanner will check your website for known malware, blacklisting status, website errors, and out-of-date software.


ScanMyServer provides a pretty comprehensive report on a number of potential security vulnerabilities, like SQL Injection, Cross Site Scripting, HTTP Header Injection etc. This tool is more PHP based, but it only takes a few seconds to run so it can be worth the hassle. NOTE: To get the ScanMyServer report you need to add some HTML into your website footer, so this may or may not put you off using it.


Next on the list of tools is ASafaWeb. ASafaWeb will scan your Episerver/.NET-based website and, based on its tests, give you a list of pass/fail notifications, with recommendations where applicable. Even though my website is PHP based it can still scan it. It will do some basic things like make sure tracing is disabled and ELMAH logs are not public facing; HTTP cookies etc. will be flagged. ASafaWeb will scan your website and check to see if you've implemented strategies to prevent things like cross-site scripting (XSS). The report will warn you about things like your Content-Security-Policy, X-Frame-Options, X-XSS-Protection and X-Content-Type-Options.
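The four headers named in that report can also be checked directly against a response from your own site. The following is an added example, not part of the original post and not the code of any scanner mentioned here; the pass/fail rules and the sample response are assumptions made for illustration.

```python
from email.parser import Parser

# Constructed sample response headers (not captured from a real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
X-Content-Type-Options: sniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

"""

def parse_headers(raw):
    """Drop the status line; header names are then matched case-insensitively."""
    _, _, block = raw.partition("\n")
    return Parser().parsestr(block, headersonly=True)

def check_csp(value):
    """Assumed rule: a policy must exist and must not allow inline script."""
    if value is None:
        return ("FAIL", "missing")
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    # script-src falls back to default-src when it is not declared.
    script = directives.get("script-src", directives.get("default-src", []))
    if "'unsafe-inline'" in script:
        return ("WARN", "script-src allows 'unsafe-inline'")
    return ("PASS", "present")

def audit(raw):
    """Return {header: (status, detail)} for the four headers named above."""
    h = parse_headers(raw)
    xfo = (h.get("X-Frame-Options") or "").strip().upper()
    xcto = (h.get("X-Content-Type-Options") or "").strip().lower()
    xxp = (h.get("X-XSS-Protection") or "").strip()
    return {
        "Content-Security-Policy": check_csp(h.get("Content-Security-Policy")),
        # Only DENY and SAMEORIGIN are treated as valid values here.
        "X-Frame-Options": ("PASS", xfo) if xfo in ("DENY", "SAMEORIGIN")
                           else ("FAIL", xfo or "missing"),
        # A header that is present but not "nosniff" gives no protection.
        "X-Content-Type-Options": ("PASS", xcto) if xcto == "nosniff"
                                  else ("FAIL", xcto or "missing"),
        # Legacy header: flagged when absent, any explicit value accepted.
        "X-XSS-Protection": ("PASS", xxp) if xxp else ("WARN", "missing"),
    }

if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLE_RESPONSE).items():
        print(f"{status:4} {name}: {detail}")
```

To audit a live site you own, pass in the header block saved from `curl -sI` instead of the sample.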

CSP Analyser

The CSP analyser will analyse the 'content security policy' of your site and tell you how good it is.


Quttera is another tool that will check your website for malware and vulnerability exploits. Quttera will scan your site for malicious files, suspicious files, potentially suspicious files, PhishTank, Safe Browsing (Google, Yandex) and Malware domain list.

Jon D Jones

Software Architect, Programmer and Technologist. Jon Jones is founder and CEO of London-based tech firm Digital Prompt. He has been working in the field for nearly a decade, specializing in new technologies and technical solution research in the web business. A passionate blogger by heart, speaker & consultant from England... always on the hunt for the next challenge.
