SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Four free tools to help lock down your web security
Mon, 20th Aug 2018
FYI, this story is more than a year old

Security assessments, penetration testing, web server security, brand protection… to management, they can seem nothing more than just checkboxes at times.

They often come with steep price tags, and with ever-tightening budgets it can be difficult to convince your managers to invest in security tools.

To sweeten the deal and perhaps encourage management to take security seriously, there are trustworthy tools available free for your use.

High-Tech Bridge is a company that understands web security. As part of its ongoing commitment, it provides four free ImmuniWeb products that you can use to test mobile apps, SSL/TLS security, trademark monitoring, and web server scanning, amongst others.

Why are these worth testing? Let's take a look at each in turn.

Mobile app security and privacy

Whether your organisation develops or uses mobile applications as part of your day-to-day operations, they can be the most vulnerable.

ImmuniWeb Mobile App Scanner references the OWASP Mobile Top 10 security guidelines to test mobile applications running on Android and iOS.

It's easy to use: Type in the name of the app and choose it from the dropdown list or upload your mobile app's APK/IPA into the system. In just a few minutes, you will receive a detailed audit report via email, not only with common weaknesses amid OWASP Mobile Top 10 but various best-practices and privacy findings. The report is available only to you and is deleted automatically after 90 days.

SSL/TLS security and compliance

SSL/TLS encryption is now a fundamental part of any website – in fact, Google is beginning to penalise any website that doesn't use ‘https' and is deemed not secure.

If you use SSL/TLS encryption, you want to make sure it's up to standard. There are also a range of compliance guidelines you must follow: PCI DSS, HIPAA, and NIST to name just three.

ImmuniWeb SSLScan is able to test all of these, as well as SSL certificate expiration for enumerated subdomains, insecure third-party content, and test for email servers' SPF, DKIM and DMARC implementation.

Intellectual property, trademark, and brand protection

Typosquatting is a common trick used by criminals to lead unsuspecting people astray. They do it by creating domain names that look similar to a genuine website name. When people type in an address, a simple typo could land them on a page that looks genuine enough, but is in fact fraudulent.

What's more, cybercriminals could also be using your brand as part of a spoofing campaign – for example they will often clone genuine emails as part of malicious phishing attacks.

ImmuniWeb Trademark Monitor searches the web to find cybersquatted, typosquatted, and phishing attacks across the internet and social media that infringe your trademarks or spoof your brand.

Did you know Apple's brand has been spoofed 8,770 times? How does your business stack up?

Web server security and privacy hardening

Organisations and web users are starting to realise that there are major security risks when they use unsecure web applications and vulnerable website.

However, website owners and system administrators underestimate the importance of secure web configuration that can reduce attacks against websites – and users.

ImmuniWeb WebScan is a web server security test that can check for HTTP headers presence, validity and secure configuration, HTTP methods allowed by the web server, web server version and other software-related tests. It can even detect altered JS libraries.

Last, but not least the product also fingerprints the CMS and its competent to map against all known vulnerabilities and weaknesses. Find our right now how many insecure plugins your WordPress has.

All of these free tools are available High-Tech Bridge, a trusted vendor that can give you a quick view of your security status.

Put your systems to the test free of charge – click here for more details.