Three free tools to test website security

Three free tools to check web server security, SSL/TLS and whether your site is vulnerable to phishing and cybersquatting. A Swiss web security company called High-Tech Bridge has launched three really useful tools in the last few months to help us check whether our websites are at risk to cyber attacks. Here are the products:

Web server security test

Simply input your URL and the service will try to detect and analyse a list of 6 headers that are known to improve security for users:

• Server – X-Frame-Options
• Strict-Transport-Security (also known as HSTS) – X-XSS-Protection
• Public-Key-Pins (also known as HPKP) – X-Content-Type-Options
• Content-Security-Policy (also known as CSP)

For each header several checks are made if applicable:

• Syntax
• Validity
• Trustworthness

They deliberately chose not to analyse Report-Only headers, that only provide monitoring, and deprecated headers, to encourage people to implement the ones that are compatible with the most recent browsers. We also test if the server accepts the most commonly supported HTTP Methods (HTTP verbs), as some may introduce security issues.

SSL/TLS security test

This service enables anyone to assess how secure and reliable a site’s SSL/TLS connection to a server (on any port) is, the service performs four distinct tests:

Domain Security Radar