Siwecos-Scanner/EN: Difference between revisions
(8 intermediate revisions by 2 users not shown)
Zeile 1: | Zeile 1: | ||
− | == | + | == Siwecos Website Scanners == |
{{:TLS_Scanner/EN}} | {{:TLS_Scanner/EN}} | ||
− | + | ||
{{:DOMXSS_Scanner/EN}} | {{:DOMXSS_Scanner/EN}} | ||
− | + | ||
{{:Header_Scanner/EN}} | {{:Header_Scanner/EN}} | ||
− | + | ||
{{:Info_Leak_Scanner/EN}} | {{:Info_Leak_Scanner/EN}} | ||
− | + | ||
{{:Initiative-S_Scanner/EN}} | {{:Initiative-S_Scanner/EN}} | ||
− | + | ||
− | [[Category:Siwecos-Scanner | + | [[Category:Siwecos-Scanner]] |
− | |||
__NOTOC__ | __NOTOC__ |
Latest revision as of 17 April 2019, 12:42
Siwecos Website Scanners
TLS-Scanner
The TLS Scanner allows you to check the encryption protocol (TLS) of your servers for vulnerabilities. If you are using an outdated version of the encryption protocol or relying on outdated cryptographic primitives, our scanner will detect this. The TLS Scanner can also detect problems with the certificate in use and inform you about weak key lengths and expired certificates (German only) that could enable an attacker to decrypt the communication between you and your customers. In addition, the TLS Scanner can test your TLS implementation for common attacks such as man-in-the-middle attacks (Insecure Renegotiation), POODLE and Heartbleed.
Information:
- HTTPS-NO-RESPONSE
- HTTPS-NOT-SUPPORTED
Certificates:
- CERTIFICATE-EXPIRED
- CERTIFICATE-NOT-SENT-BY-SERVER
- CERTIFICATE-NOT-VALID-YET
- CERTIFICATE-WEAK-HASH-FUNCTION
Cryptography:
- CIPHERSUITE-ANON
- CIPHERSUITE-EXPORT
- CIPHERSUITE-NULL
- CIPHERSUITE-RC4
- CIPHERSUITE-DES
- CIPHERSUITEORDER-ENFORCED
- PROTOCOLVERSION-SSL2
- PROTOCOLVERSION-SSL3
- PROTOCOLVERSION-TLS13
Attacks:
- BLEICHENBACHER-VULNERABLE
- CRIME-VULNERABLE
- HEARTBLEED-VULNERABLE
- INVALID-CURVE-EPHEMERAL-VULNERABLE
- INVALID-CURVE-VULNERABLE
- PADDING-ORACLE-VULNERABLE
- POODLE-VULNERABLE
- TLS-POODLE VULNERABLE
- SWEET32-VULNERABLE
XSS-Scanner
The XSS-Scanner highlights potential dangers in the website source code. This includes the detection of cross-site scripting (DOM-based vulnerabilities), which could enable an attacker to execute malicious code, e.g. in the form of JavaScript, in the context of your web application.
Header Scanner
Unseen by the user, the HTTP header of a website is exchanged between the client and the server with every request and response. The header influences the behavior of the browser on the user side. Headers are largely handled independently of the requested web application and are defined in the web server configuration. The Header Scanner allows you to examine the HTTP header of your web application for insecure configurations. The scanner (crawler) checks the information in the HTTP header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses (spoofing).
- CONTENT-SECURITY-POLICY
- CONTENT-TYPE
- PUBLIC-KEY-PINS (The result does not influence the score)
- STRICT-TRANSPORT-SECURITY
- X-CONTENT-TYPE-OPTIONS
- X-FRAME-OPTIONS
- X-XSS-PROTECTION
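To make the header checks listed above concrete, here is an added example (not SIWECOS code) that evaluates a set of response headers against those seven names. The pass criteria, the `MIN_HSTS_AGE` threshold and the function names `check_headers` and `failing` are assumptions made for this illustration, and the sample headers are constructed.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold assumed for this example

def check_headers(raw):
    """Return {check name: verdict}. Criteria are assumptions, not SIWECOS's rules."""
    h = {k.strip().lower(): v.strip() for k, v in raw.items()}
    out = {}
    csp = h.get("content-security-policy", "")
    if not csp:
        out["CONTENT-SECURITY-POLICY"] = "missing"
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        out["CONTENT-SECURITY-POLICY"] = "weak: unsafe-inline or unsafe-eval"
    else:
        out["CONTENT-SECURITY-POLICY"] = "ok"
    has_charset = re.search(r"charset\s*=", h.get("content-type", ""), re.I)
    out["CONTENT-TYPE"] = "ok" if has_charset else "no charset declared"
    # Informational only: the list above says it does not influence the score.
    out["PUBLIC-KEY-PINS"] = "info: set" if "public-key-pins" in h else "info: not set"
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m:
        out["STRICT-TRANSPORT-SECURITY"] = "missing"
    elif int(m.group(1)) < MIN_HSTS_AGE:
        out["STRICT-TRANSPORT-SECURITY"] = "weak: max-age too short"
    else:
        out["STRICT-TRANSPORT-SECURITY"] = "ok"
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    out["X-CONTENT-TYPE-OPTIONS"] = "ok" if nosniff else "missing or not nosniff"
    xfo = h.get("x-frame-options", "").upper()
    out["X-FRAME-OPTIONS"] = "ok" if xfo in ("DENY", "SAMEORIGIN") else "missing or permissive"
    xxp = h.get("x-xss-protection", "").replace(" ", "").lower()
    out["X-XSS-PROTECTION"] = "ok" if xxp == "1;mode=block" else "missing or not 1; mode=block"
    return out

def failing(findings):
    """Checks that count against the site (informational results excluded)."""
    return sorted(k for k, v in findings.items() if v != "ok" and not v.startswith("info"))

# Constructed sample response headers, not taken from a real site.
SAMPLE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    print(failing(check_headers(SAMPLE)))
```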
Info Leak Scanner
The Info Leak Scanner searches through your web application and generates a report on information that may be unintentionally detailed (e.g. on the structure of the application or the software version in use) and should not be made public. Findings should be rectified as quickly as possible.
Initiative-S Scanner
The Initiative-S scanner checks the domain against known blacklists for botnets, phishing, malware and spam.