Powered by Blogger.

12 Online Free Tools to Scan Website Security Vulnerabilities & Malware

One of the most trending talks in Information Technologies is Web Security. Do you know 96% of tested applications have vulnerabilities? Below chart from Cenzic shows different types of the vulnerable trend found.


We often pay attention to website design, SEO, contents and underestimate the security area. As a website, blog owner web security should have higher importance than anything. This article is in response to “Apache Web Server Hardening & Security Guide.”

There were many questions how to scan for website security, mobile app vulnerabilities so here you go. In this article, I will list out free tools to scan your website for security vulnerabilities, malware

You can always protect your website with Web Application Firewall from cloud-based security provider like Incapsula.




Tools Lists


1. Scan My Server

ScanMyServer provide one of the most comprehensive reports of varieties of security test like SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more. Scan report is notified by email with vulnerability summary.

2. SUCURI

SUCURI is the most popular free website malware and security scanner. You can do a quick test for Malware, Website blacklisting, Injected SPAM and Defacements. SUCURI clean and protect your website from online threats and works on any website platforms including WordPress, Joomla, Magento, Drupal, phpPP, etc.

3. Qualys SSL Labs, Qualys FreeScan

SSL Labs is one of most used tools to scan SSL web server. It provides deep analysis of your https URL including expiry day, overall rating, Cipher, SSL/TLS version, Handshake simulation, Protocol details, BEAST and much more. If you are running a secure (https) website, you shouldn’t wait anymore to do a quick test.


FreeScan test website for OWASP Top Risks and malware, against SCP security benchmark and much more. You need to register a free account to perform this scan.
4. Quttera

Quttera check website for malware and vulnerabilities exploits. If scan your website for malicious files, suspicious files, potentially suspicious files, phishTank, Safe Browsing (Google, Yandex) and Malware domain list.

5. Detectify

Detectify is a SaaS-based website security scanner. This got 100+ automated security tests including OWASP Top 10, malware and much more. Detectify provider 21-day free trial and you must register to perform security scan against your website.

6. SiteGuarding

SiteGuarding helps you to scan your domain for malware, website blacklisting, injected spam, defacement and much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and another platform.


SiteGuarding also helps you to remove malware from your website so if you are website is affected by viruses, they will be useful.
7. Web Inspector

Web Inspector scans your website and provides thread report including Blacklist, Phishing, Malware, Worms, Backdoors, Trojans, Suspicious frames, Suspicious connections. So, go ahead and run a scan to find out whether it is malicious or not.

8. Acunetix

Acunetix analyzes complete website for more than 500 vulnerabilities including DNS and network infrastructure from Acunetix servers. They provide free 14 days trial, and you can register and validate your domain as explained here before the security scan.
9. Asafa Web

AsafaWeb provides quick scan results of Tracing, Custom errors, Stack trace, Hash Dos Patch, EMLAH log, HTTP Only Cookies, Secure Cookies, Clickjackingand much more.

10. Netsparker Cloud

Netsparker Cloud is an enterprise web application security scanner which scans for more than 25 critical vulnerabilities. Netsparker is free for open source project else you can request for the trial to run the scan. Refer my step-by-step guide on how to register for an account and perform the scan.
11. UpGuard Web Scan

UpGuard Web Scan is external risk assessment tool uses publicly available information to grade on various factors including SSL, Clickjack attack, Cookie, DNSSEC, Headers, etc. It’s still in beta but worth trying out.

12. Tinfoil Security

Tinfoil security first audits your website against top 10 OWASP vulnerabilities and then other known security holes. You get actionable report and option to re-scan once you are done with necessary fixes. Setting up will take around 5 minutes, and you can scan even if your website is protected or behind single sign-on.


One of the essentials for security is to monitor them so you get notified whenever it’s down or hacked. While above tools help you to scan your website on-demand you may also wish to schedule them for an automatic security scan.

I hope above list helps you to perform security scanning against your website. Do share with your friends if you find this useful.
SHARES159

Reader InteractionsShow all responses
Primary Sidebar



About this Blog

I'm Chandan Kumar and this blog is an attempt to help people in Web Infrastructure world. I hope you get benefited from my blog and Thank Youfor reading this. Let's connect on Facebook.


CATEGORIESCategories




Stay Updated




Latest article in your inbox for FREE.



Yes, Send Me!


6 Free Tools to Test Website Load Time from China

By Chandan Kumar | Last Updated: February 12, 2015



How fast your website is in China? 

Website Should be Fast!

Having slow website hurt conversion rate and could potentially cost you $2.5 million in a year if your e-commerce website is making $100,000 per day.

There are plenty of online tools to test your website load time from USA, UK, India but very few have options to test your page load time from China. If you are running a business in China or expecting visitors and if your website hosted out of China then most probably your website load time would be poor. 

You may always use CDN like Incapsula to boost your website performance. But first, let’s see following tools to find how your website performs.





Tools Lists


1. Web Page Test 

webpagetest is one of the most used tools to test your load time. It has the option to test the load time from Shanghai using IE, Chrome, Safari & Firefox. This provides the first view and repeats view in waterfall so you have the complete understanding of your resources load time. 
2. Site 24X7

Site 24X7 has many useful tools however to check load time from China you can use Analyze Full Web Page which has the option to test from Hangzhou. This has very detailed information like DNS resolve time, Connecting time, First Byte time, a number of requests, resources summary, domain summary. It’s my favorite at the moment. 
3. Dot Com Monitor

Dot Com Tools gives you the option to test using Chrome, Firefox, IE, Safari and Android from Hong Kong & Shanghai. One good thing about Dot Com is you can test from multiple locations at once. This also provides waterfall so you have a complete understanding about page resources.
4. Site Speed Monitoring 

Baidu test your website from 32 provinces to help you analyse site elements so you can take action towards making your website faster.
5. Site Speed

site speed test from 25 locations and give loading time visualization on China map. Very handy to find out time to load from the particular location at stages like resolution time, connection time and download time.

6. CDNetworks

CDNetworks doesn’t say which exact location in China but give you a good overview of the number of requests, response time, the number of objects & page size.

I hope above tools give you a guideline on how your website loads in China. If you need to boost website performance then you can always look for CDN service.
Show all responses


Primary Sidebar



About this Blog

I'm Chandan Kumar and this blog is an attempt to help people in Web Infrastructure world. I hope you get benefited from my blog and Thank Youfor reading this. Let's connect on Facebook.


CATEGORIESCategories




Stay Updated




Latest article in your inbox for FREE.



Yes, Send Me!


6 netstat Command Usage on Windows with Example

By Chandan Kumar | Last Updated: February 12, 2015
SHARES12


netstat is command line network tool which is very useful troubleshooting command. Its cross-platform utility means you can use on Linux, OS X or Windows. netstat can be very handy in following.
Display incoming and outgoing network connections
Display routing tables
Display number of network interfaces
Display network protocol statistics

Let’s get it started…
1. Show only established connection

You can use below syntax to view all established connection from/to your Windows server.
C:\Windows\system32>netstat | findstr ESTABLISHED TCP 172.16.179.128:49375 a23-77-202-113:http ESTABLISHED C:\Windows\system32> 


Note: to view LISTEN, CLOSE_WAIT, TIME_WAIT you can just use as following.netstat | findstr LISTEN netstat | findstr CLOSE_WAIT netstat | findstr TIME_WAIT

2. Show PID used by port number

A very handy when you have to find out which PID is using the particular port number.netstat –o | findstr $portnumber


Note: you can just use netstat –o to display all connection with PID
3. Show statistics of all protocols

Useful when you have to find out for any received header error, received address error, discarded packet, etc. It will list out statistics from IPv4, IPv6, ICMPv4, ICMPv6, TCP, UDP, etc.netstat –s


Note: to find out any errors quickly you can use below syntax.C:\Windows\system32>netstat -s | findstr Errors Received Header Errors = 0 Received Address Errors = 0 Received Header Errors = 0 Received Address Errors = 0 Errors 0 0 Errors 0 0 Receive Errors = 0 Receive Errors = 0 C:\Windows\system32>

4. Show routing information

To display Route Table you can use below syntax. The following syntax will also list all interfaces.netstat –r

5. Show Interface Statistics

To view the status of all interface you can use following syntax. This will display Received & Sent details.C:\Windows\system32>netstat -e Interface Statistics Received Sent Bytes 8988576 2105244 Unicast packets 12972 11880 Non-unicast packets 0 0 Discards 0 0 Errors 0 0 Unknown protocols 0 C:\Windows\system32>

6. Show Fully Qualified Domain Name of foreign address (remote host)

If you are tracking some issues and would like to know FQDN of the remote host then you can use following syntax.netstat –f


Note: you can combine findstr syntax to show precise results like below.netstat –f | findstr ESTABLISHED netstat –f | findstr $domainnameifyouknow


I hope this helps you get familiar with netstat command usage on Windows.
SHARES12
Show all responses


Primary Sidebar



About this Blog

I'm Chandan Kumar and this blog is an attempt to help people in Web Infrastructure world. I hope you get benefited from my blog and Thank Youfor reading this. Let's connect on Facebook.


CATEGORIESCategories


10 Awesome Free Joomla SEO Optimised Templates

By Chandan Kumar | Last Updated: February 12, 2015
SHARES10


Joomla! open source CMS (Content Management System) is downloaded for over 68 million time and second popular CMS. First, is WordPress! There are plenty of free Joomla templates available in the market but very few are built with high standards including following.
Design & Layout
SEO Optimized
Responsive
User-Friendly/Mobile-Ready

Joomla can fit into any requirement from blogging to corporate websites. Here are some of them powered by Joomla.
Citibank

Let’s take a look at following responsive, SEO optimised & mobile friendly Joomla template. and yes, FREE!
1. Magazine

Gavick has one of the best free templates, which is responsive and looks beautiful. This looks best for blog or magazine related website. Magazine is compatible with K2 and built with Gavern framework.


2. Purity III

Purity III is built on T3 framework which looks good for Magazine, Portfolio, and eCommerce related website. It supports Bootstrap 3 and compatible with many extensions like Easy Blog, Easy Discuss, Jom Social, Kunena, MijoShop, and EasySocial. It has many layouts like Magazine, Corporate, Blog, Glossary, Portfolio which makes Purity III one of the best free responsive templates from Joomlart.


3. SJ Vinda

SJ Vinda got clean design supporting K2 to create the powerful premium website. SJ Vinda is built on YT framework V2 and comes with 6 color schemes and 8 bonus pages with RTL language support.


4. Afterburner 2

Afterburner 2 is built on Gantry 4 framework having 34 module positions comes in 3 preset styles. Afterburner 2 is one of the fastest loading free Joomla templates by Rocket Theme.


5. Radon

Radon is a multi-purpose template which can fit for any modern website. It supports RTL language and built on Helix framework. Radon is fully equipped with HTML5, CSS3, K2 and Mega Menu.


6. JSN Time

It looks perfect for magazine/news website. It’s compatible with K2 and comes in many layouts with a content slider, page builder, image gallery, form building & mobile friendly.


7. JSN DONA

JSN DONA is multi-purpose theme comes with 6 homepages for religion, politics, charity, education, business & portfolio. Probably one of the best free templates with lots of ready-made homepages for you to build the website in few minutes.


8. Steak House

Looking for restaurant or food related Joomla template? Steak House by AS Templates is perfectly designed on a bootstrap framework with 20 module position and following features.
HTML 5 ready
Responsive
Standard + Google fonts ready
Tableless and CSS based design
Fast loading


9. Sienna

Sienna by Rocket Theme is built on Gantry 5 framework for travel agencies, hotel and event venues. Sienna comes with 6 preset styles and tons of features.
Responsive
Typography
Coming soon page
Social icons
Font awesome icons
Popup module
Unlimited module positions
Fluid width options
Off-canvas panel
Mega-menu support
Mobile menu


10. JA Simpli

JA Simpli is a highly customizable lightweight template for news, magazine, portfolio, corporate. It comes with 4 pre-made unique layouts with many features.
LESS & CSS
Sticky Menu
Font awesome
Flexible layout
Custom code



Above fantastic Joomla! templates should be good to get started and put your imagine into reality. Don’t forget to secure your Joomla website so you don’t get hacked and for CDN & web security checkout Incapsula.
    Blogger Comment
    Facebook Comment