Four free tools to help lock down your web security

20 Aug 18

Security assessments, penetration testing, web server security, brand protection… to management, they can seem nothing more than just checkboxes at times.

They often come with steep price tags, and with ever-tightening budgets it can be difficult to convince your managers to invest in security tools.

To sweeten the deal and perhaps encourage management to take security seriously, there are trustworthy tools available free for your use.

High-Tech Bridge is a company that understands web security. As part of its ongoing commitment, it provides four free ImmuniWeb products that you can use for mobile app testing, SSL/TLS security testing, trademark monitoring, and web server scanning, amongst others.

Why are these worth testing? Let’s take a look at each in turn.

Mobile app security and privacy

Whether your organisation develops mobile applications or uses them as part of its day-to-day operations, they can be the most vulnerable part of it.

ImmuniWeb Mobile App Scanner references the OWASP Mobile Top 10 security guidelines to test mobile applications running on Android and iOS.

It’s easy to use: type in the name of the app and choose it from the dropdown list, or upload your mobile app’s APK/IPA into the system. In just a few minutes, you will receive a detailed audit report via email, covering not only common weaknesses from the OWASP Mobile Top 10 but also various best-practice and privacy findings. The report is available only to you and is deleted automatically after 90 days.

SSL/TLS security and compliance

SSL/TLS encryption is now a fundamental part of any website – in fact, Google is beginning to penalise any website that doesn’t use ‘https’ and is deemed not secure.

If you use SSL/TLS encryption, you want to make sure it’s up to standard. There is also a range of compliance guidelines you must follow: PCI DSS, HIPAA, and NIST, to name just three.

ImmuniWeb SSLScan is able to test against all of these, as well as checking SSL certificate expiration for enumerated subdomains, insecure third-party content, and email servers’ SPF, DKIM and DMARC implementation.

Intellectual property, trademark, and brand protection

Typosquatting is a common trick used by criminals to lead unsuspecting people astray. They do it by creating domain names that look similar to a genuine website name. When people type in an address, a simple typo could land them on a page that looks genuine enough, but is in fact fraudulent.

What’s more, cybercriminals could also be using your brand as part of a spoofing campaign – for example they will often clone genuine emails as part of malicious phishing attacks.

ImmuniWeb Trademark Monitor searches the internet and social media for cybersquatting, typosquatting, and phishing attacks that infringe your trademarks or spoof your brand.

Did you know Apple’s brand has been spoofed 8,770 times? How does your business stack up?

Web server security and privacy hardening

Organisations and web users are starting to realise that there are major security risks when they use insecure web applications and vulnerable websites.

However, website owners and system administrators underestimate the importance of secure web configuration that can reduce attacks against websites – and users.

ImmuniWeb WebScan is a web server security test that can check HTTP headers for presence, validity and secure configuration, as well as the HTTP methods allowed by the web server, the web server version and other software-related tests. It can even detect altered JS libraries.

Last, but not least, the product also fingerprints the CMS and its components to map them against all known vulnerabilities and weaknesses. Find out right now how many insecure plugins your WordPress has.

All of these free tools are available from High-Tech Bridge, a trusted vendor that can give you a quick view of your security status.

Put your systems to the test free of charge – click here for more details.