Give Your Website A Security Scan With Detectify
Date 22/3/2013
Making sure that your website is not used for anything shady is one of the most important tasks of being a webmaster. If you are making a living from a site, it is even probably the most important thing after making sure the site is up and running. There are a couple of attack vectors that need to be mentioned. From exploiting security vulnerabilities in the scripts running on the site or programs running on the web server over exploiting improper rights on the server to distributing malicious content via advertisement or disgruntled editors that add questionable links or code to sites.
Detectify is a new online service that you can make use of to scan a website thoroughly for security issues. There are a couple of things you need to do first before you can get started though. First, you need to create an account with the service and verify the email address you have used to sign up. Then, you need to add at least one domain name you want scanned and verify that domain name before you can start the security scan. Verification options include uploading a file to the root of the service to do so.
The actual scan runs in the background and can take quite some time depending on the size of the website. I started the scan of Ghacks for instance two days ago and it is still running. You can look at the preliminary report though at any time.
The program displays the number of exploits, warnings and notices on the report page. Below that you find information about the total number of files scanned so far and the average scan time of the service.
You can view the details if exploits, warnings or notices have been found to analyze them further. Here are a couple of examples the service found on the Bearsoft server:
False positives can be marked as such which informs the Detectify team about them. I was not able to download reports as csv files which may been the case because the scan was not finished at that point in time.
Making sure that your website is not used for anything shady is one of the most important tasks of being a webmaster. If you are making a living from a site, it is even probably the most important thing after making sure the site is up and running. There are a couple of attack vectors that need to be mentioned. From exploiting security vulnerabilities in the scripts running on the site or programs running on the web server over exploiting improper rights on the server to distributing malicious content via advertisement or disgruntled editors that add questionable links or code to sites.
Detectify is a new online service that you can make use of to scan a website thoroughly for security issues. There are a couple of things you need to do first before you can get started though. First, you need to create an account with the service and verify the email address you have used to sign up. Then, you need to add at least one domain name you want scanned and verify that domain name before you can start the security scan. Verification options include uploading a file to the root of the service to do so.
The actual scan runs in the background and can take quite some time depending on the size of the website. I started the scan of Ghacks for instance two days ago and it is still running. You can look at the preliminary report though at any time.
The program displays the number of exploits, warnings and notices on the report page. Below that you find information about the total number of files scanned so far and the average scan time of the service.
You can view the details if exploits, warnings or notices have been found to analyze them further. Here are a couple of examples the service found on the Bearsoft server:
False positives can be marked as such which informs the Detectify team about them. I was not able to download reports as csv files which may been the case because the scan was not finished at that point in time.
Post a Comment