In a recent project, I’ve been liaising with web security experts to carry out security testing on a number of client servers. During my research, I’ve come across various free tools that can help you identify any potential issues.
While there are many tools out there, I’ve come across three very useful tools to help check that the servers and websites I work with are secure.
ImmuniWeb SSL Security
ImmuniWeb’s SSL Security Testing Tool is great for checking your website complies with industry best practices, including the PCI-DSS. You’ll get a useful report on the good and bad areas:
Qualys SSL Test
Qualys’ SSL Test is similar to ImmuniWeb’s one above. In addition to check various configuration issues, this report also tells you which browsers or devices your website may not work with. It also check is your server is vulnerable to various critical vulnerabilities like POODLE, and Heartbleed.
DigiCert SSL Certificate Checker
DigiCert’s SSL Certificate Checker tool is the quickest tool of the three to check that your SSL certificates are valid, and what protocols and ciphers are supported. It also checks for some common vulnerabilities, but isn’t as comprehensive as the ones above.