ImmuniWeb, a security testing and risk rating provider, is offering a free website security test aimed at enterprises of all sizes and testing resources.
The Switzerland-based company, which initially designed the security test for smaller enterprises and organizations with fledgling application security testing programs, said it’s also suited to large organizations with mature DevSecOps programs. The online test checks relevant PCI DSS (Payment Card Industry Data Security Standard) requirements, verifies CMS (content management systems) security and runs a privacy check.
Here’s what the test provides:
- Verify PCI DSS requirements 6.2, 6.5 and 6.6.
- Fingerprint versions of over 100 of the most popular CMSs and web frameworks, and over 165,000 of their plugins.
- Run a comprehensive vulnerability check for all known vulnerabilities in the fingerprinted software.
- Check over 20 HTTP headers related to security, encryption or privacy for strong configurations in line with industry best practices, including ones from OWASP.
- Assess Content Security Policy (CSP) to prevent some XSS and CSRF exploitation vectors, as well as variations of ransomware and cryptojacking attacks.
By ImmuniWeb’s figuring, the tool should see plenty of use: of the 40 million public websites the service has tested, slightly less than 10 percent ran up-to-date software, a paltry 2.1 percent satisfied current PCI DSS requirements, and only 2.4 percent were protected by a WAF (web application firewall).
Ilia Kolochenko, ImmuniWeb CEO and founder, suggested that the web testing service benefits both users and the provider. “Our free community offering enables our company to maintain sustainable relations with the community, get valuable feedback and actionable data on the global state of application security,” he said. “We are excited to see a steadily growing number of users, many of whom later become commercial customers for our ImmuniWeb AI offering.”
ImmuniWeb has integrated the website security testing tool with its Discovery visibility utility that builds a comprehensive inventory of an organization’s external web, mobile and cloud assets.