Protecting a website from hackers is no easy task, as even big names like Sony and Sega will confirm. But making use of a vulnerability scanner like Websecurify may be able to help.
The idea is a simple one. Just point the program at your website, it’ll scan it and then report on any security holes, so hopefully you can fix them before they’re noticed by someone else.
If you’ve tried similar programs before then you’ll know they’re typically very complex, ludicrously expensive, or some combination of the two. But Websecurify is different. It’s free, and once launched you can initiate an automated scan in just a click or two, so the program really is straightforward to use.
The scanner itself can automatically detect a full range of vulnerabilities, according to the authors: SQL Injection, Local and Remote File Include, Cross-site Scripting, Cross-site Request Forgery, Information Disclosure Problems, Session Security Problems, and many others including all categories in the OWASP TOP 10.
We weren’t quite so convinced, as in our tests Websecurify generally only picked up a few of the most basic configuration issues (and very slowly). Still, it’s only at version 0.8, so perhaps we shouldn’t expect too much just yet. Especially as it’s free, and so easy to use: if the program uncovers only a single vulnerability which you didn’t know about before then that probably justifies its installation.
And so if you run a website which ever holds any kind of confidential information, then download Websecurify, point it at your domain, and you’ll soon have an idea of just how vulnerable you might be to any passing hacker who pays you some attention.
Your Comments & Opinion