ImmuniWeb Community Edition - Website Security Test
The Website Security Test is a free online tool to perform web security and privacy tests:
- Non-intrusive GDPR compliance check related to web application security.
- Non-intrusive PCI DSS compliance check related to web application security.
- Analysis of CMS and its components for outdated versions and publicly-known vulnerabilities.
- Analysis of HTTP methods that may put the web server, web application or website visitors at risk.
- Detailed analysis (syntax, validity, trustworthiness) of HTTP security headers:
  - Server
  - Strict-Transport-Security (also known as HSTS)
  - X-Frame-Options
  - X-Powered-By
  - X-Content-Type-Options
  - X-XSS-Protection
  - X-AspNet-Version
  - Content-Security-Policy (also known as CSP)
  - Access-Control-Allow-Origin
  - Content-Security-Policy-Report-Only
  - Referrer-Policy
  - Permissions-Policy
- Analysis of altered, and thus potentially malicious, JS libraries.
- Analysis of ViewState for misconfigurations and security weaknesses.
- Analysis of web application cookies for security flags.
- Detection of the domain’s presence in various blacklists.
- Detection of cryptojacking within JS code.
- Detection of WAF presence.
Acknowledgements
The following security experts helped us improve this free product:
- Alex H.
- Anik, Store Republic
- Doug Nelson
- Freddie Leeman
- Gunnar Schwant
- Ibtihaaj Khurram
- Joseph Guay, Korem Geospatial
- Kelley Hugh, Sompo International
IP Ranges
IP ranges of our outbound servers are:
- 192.175.111.224/27
- 64.15.129.96/27
- 70.38.27.240/28
- 72.55.136.144/28
- 72.55.136.192/28
- 108.163.142.208/28
- 209.172.38.160/27