ImmuniWeb, a world-class supplier of mobile, web, and API security testing as well as risk ratings, has chosen to expand its free community offering with its new website security test. The test was initially created for organizations and SMEs that have nascent application security testing programs, but large organizations with mature DevSecOps programs can also take advantage of the service to swiftly run hundreds of daily scans. This will ensure essential security as well as the compliance of external web applications.
After its launch, the test will do the following:
- Check Content Security Policy (CSP) to prevent some CSRF and XSS exploitation vectors, as well as variations of cryptojacking and ransomware attacks.
- Confirm PCI DSS requirements 6.5, 6.2 and 6.6.
- Assess over 20 HTTP headers related to encryption, security or privacy for strong configuration in accordance with industry best practices, including those from OWASP.
- Run a comprehensive check for all known vulnerabilities in the fingerprinted software. These are only a few of its functions, among others.
In the words of Ilia Kolochenko, Founder and CEO of ImmuniWeb, “Our free community offering enables our company to maintain sustainable relations with the community, get valuable feedback and actionable data on the global state of application security. We are excited to see a steadily growing number of users, many of whom later become commercial customers for our ImmuniWeb® AI offering.”
The website security test is now also incorporated into the freemium ImmuniWeb® Discovery offering, which is based on OSINT technology and aimed at non-intrusive discovery of an organization’s external attack surface. ImmuniWeb Discovery swiftly builds a thorough inventory of each organization’s external web, mobile and cloud assets. This move provides ultimate asset visibility to every organization, irrespective of its size.