In this tutorial, you will learn about some security tools you can use to ensure your Episerver CMS-powered website is secure. Security is a big concern for any online business, especially if you do any type of e-commerce. For any big major enterprise-level clients, I suggest you hire a third-party testing company to independently test your website for vulnerabilities. For people with smaller budgets and for developers who want to ensure they do their best to secure their sites, there are a number of free tools and checks you can do yourself to help ensure your site is as secure as possible. In today's guide, I'm going to cover some of these free tools and how you can use them to test your website.
SSLLabs
SSLLabs provides a free online scanner, that will perform a deep analysis of the configuration for your public SSL certification to test your site's security.
Depending on your hosting server's setup, you might come up with a.. disappointing grade. Luckily, after checking this site, I got an "A" grade ranking and my website was shown on their website.. 💥! If your website fails, you will be given a list of things you can work on. A lot of this ranking will be based on your hosting provider, have they enabled insecure protocols and encryption ciphers on your server?
Link: SSLLabs
Sucuri SiteCheck
Sucuri SiteCheck scanner will check your website for known malware, blacklisting status, website errors, and out-of-date software. Simply here over to Sucuri SiteCheck and start a scan!
Link: Sucuri SiteCheck
ScanMyServer
ScanMyServer provides a pretty comprehensive report on a number of potential security vulnerabilities in your site. The tool will check for things like SQL Injection, Cross-Site Scripting, and HTTP Header Injection. This tool is more based on sites built with PHP based, however, it only takes a few seconds to run and it might give you some advice.
⚠️ To get the ScanMyServer report you need to add some HTML into your website footer, so this may or may not put you off using it. ⚠️
Link: Scan My Server
ASafaWeb
Next on the list of tools is ASafaWeb. ASafaWeb is a .NET based tool. It can be used to scan your Episerver/.NET based website and based on its tests, it will give you a list of pass/fail notifications, with recommendations on how to improve your security where applicable.
ASafaWeb checks include ensuring tracing is disabled, ELMAH logs are not public-facing, and your sites usage of HTTP cookies!
Link: ASafaWeb
Security-headers.io
Security-headers.io will scan your website and check to see if you've implemented strategies to prevent things like cross-site scripting (XSS) attacks from occurring on your site.
The Security-headers.io report will warn you about things like your Content-Security-Policy, X-Frame-Options, X-XSS-Protection and X-Content-Type-Options.
Link: Securityheaders.io
CSP Analyser
The CSP analyzer will analyze your sites content security policy and then report on how good it is.
Link: report-uri.io/
Quttera
Quttera is another tool that will check your website for malware and vulnerabilities exploits. Quttera will scan your site for malicious and suspicious files. It will also check if your domain is on the safe browsing and Malware domain list.
Link: Quttera
If you perform checks using all of these tools on your site, you will have a super-secure site that you will know is secure as it can be. For e-commerce sites, it is still recommended to get an expert! Happy Coding 🤘
