Four free tools to help lock down your web security

20 Aug 18

Security assessments, penetration testing, web server security, brand protection… to management, they can seem nothing more than just checkboxes at times.

They often come with steep price tags, and with ever-tightening budgets it can be difficult to convince your managers to invest in security tools.

To sweeten the deal and perhaps encourage management to take security seriously, there are trustworthy tools available free for your use.

High-Tech Bridge is a company that understands web security. As part of its ongoing commitment, it provides four free ImmuniWeb products that cover mobile app testing, SSL/TLS security, trademark monitoring, and web server scanning, amongst others.

Why are these worth testing? Let’s take a look at each in turn.

Mobile app security and privacy

Whether your organisation develops or uses mobile applications as part of your day-to-day operations, they can be the most vulnerable.

ImmuniWeb Mobile App Scanner references the OWASP Mobile Top 10 security guidelines to test mobile applications running on Android and iOS.

It’s easy to use: type in the name of the app and choose it from the dropdown list, or upload your mobile app’s APK/IPA into the system. In just a few minutes, you will receive a detailed audit report via email, covering not only common weaknesses from the OWASP Mobile Top 10 but also various best-practice and privacy findings. The report is available only to you and is deleted automatically after 90 days.

SSL/TLS security and compliance

SSL/TLS encryption is now a fundamental part of any website – in fact, Google is beginning to penalise any website that doesn’t use ‘https’ and is deemed not secure.

If you use SSL/TLS encryption, you want to make sure it’s up to standard. There is also a range of compliance guidelines you must follow: PCI DSS, HIPAA, and NIST to name just three.

ImmuniWeb SSLScan is able to test all of these, as well as SSL certificate expiration for enumerated subdomains, insecure third-party content, and email servers’ SPF, DKIM and DMARC implementation.

Intellectual property, trademark, and brand protection

Typosquatting is a common trick used by criminals to lead unsuspecting people astray. They do it by creating domain names that look similar to a genuine website name. When people type in an address, a simple typo could land them on a page that looks genuine enough, but is in fact fraudulent.

What’s more, cybercriminals could also be using your brand as part of a spoofing campaign – for example they will often clone genuine emails as part of malicious phishing attacks.

ImmuniWeb Trademark Monitor searches the internet and social media for cybersquatting, typosquatting, and phishing attacks that infringe your trademarks or spoof your brand.

Did you know Apple’s brand has been spoofed 8,770 times? How does your business stack up?

Web server security and privacy hardening

Organisations and web users are starting to realise that there are major security risks when they use insecure web applications and vulnerable websites.

However, website owners and system administrators underestimate the importance of secure web configuration that can reduce attacks against websites – and users.

ImmuniWeb WebScan is a web server security test that checks HTTP headers for presence, validity and secure configuration, and covers the HTTP methods allowed by the web server, the web server version and other software-related tests. It can even detect altered JS libraries.

Last, but not least, the product also fingerprints the CMS and its components to map them against all known vulnerabilities and weaknesses. Find out right now how many insecure plugins your WordPress has.

All of these free tools are available from High-Tech Bridge, a trusted vendor that can give you a quick view of your security status.

Put your systems to the test free of charge – click here for more details.