How to Quickly Test Your Website's Security for Free | Mirsad Hasic | Skillshare

How to Quickly Test Your Website's Security for Free

Mirsad Hasic, Systemintegrator/Teacher

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
8 Lessons (20m)
    • 1. Class Introduction

      1:10
    • 2. Free Website Security Scan Tool I

      3:01
    • 3. Free Website Security Scan Tool II

      2:47
    • 4. Free Website Security Scan Tool III

      2:54
    • 5. Free Website Security Scan Tool IV

      1:47
    • 6. Free Website Security Scan Tool V

      2:10
    • 7. Free Website Security Scan Tool VI

      2:31
    • 8. Free Website Security Scan Tool VII

      3:55

About This Class

In this class I am going to show you seven online free tools that are great for scanning and testing the security of your site. Those tools can be applied to any site no matter the platform you are using.

Transcripts

1. Class Introduction: I in this class, I'm going to cover seven online security tools that are really useful for finding the holes in your site that hackers can utilize in order to break into your site and caused a real mess. So I suggest you test all of those seven tools and utilize each of them on your site. My experience tells me that even if one tool tells you that your site is safe, the other tools are going to probably find the holes that need to be covered and the Attackers can take advantage off. So I encourage you to join this class and this color hall grade. Those tools actually are. And Beto seven tools. I guarantee you that you're not going to risk have your site hack it in the future again if you fix all the holes that those tools discover and suggest you to actually fix. All right, So I hope to see you inside this class. Thank you for checking the introductory video off this. Plus stay tuned 2. Free Website Security Scan Tool I: and welcome to this class. In these first lecture, I'm gonna cover the scan my server dot com, which is a great resource for testing the vulnerability off your site. These tool is going to test your site for Mullah Veer SQL injection excess and also other common vulnerabilities that is floating the internet right now. So I'm gonna just type in the euro. First thing I do here for my site and I'm gonna heat scan. We just had a double double W here a spell. All right, so it is going to scan our site, and the next thing we need to do is to enter your email address. I'm going to do that as well. Those guys are not going to send you any span. I know that because I have been using them for a while and I have never received any kind of spam from them. So the last step is to click on this Parton step, and next thing we need to do is to actually confirm the ownership of our site. So we need to authorize the stool in order to be able to test our site by adding the scan myself a security seal to the home page. So what you need to do is to edit your index file and add the specific seal. I'm gonna show you quickly how you can do that. So here I am not getting inside my Web server. And down here I have added the specific code in the photo. You're supposed that it. So I'm gonna go over to my site and show you how it looks. Scroll down to the footer and down here you can see this little batch. So in order to get the code for the seal unit, Jacob actors can my server click me of seal basically copied and pasted on site Save update and then time likley can confirm now. So I'm going to just confirm now, However, sometimes I have found that these doesn't work pretty well. For some reason, it doesn't find the security seal our site because even if you have other did so I'm gonna just keep click. You confirm later, and what is going to happen is that I'm going to receive the code that I could be pasted in my email and basically be told that I should redo this. I have six more different tools to show you have to secure site and you shall never trust on a single. In order to provide security for your site, you should always test your side to be different tools in order to ensure that your site is completely free from any kind off vulnerabilities. In my experience, a tool can never find all the vulnerabilities that that site might be exposed to. So what? This is why it's important to use several different tools in order to do this. All right, so that's it for this lecture. Stay tuned. See you next. 3. Free Website Security Scan Tool II: All right, so let's check out the to number two in order to scan our side forward their abilities. The domain is side checked out security dot net. This is a really nice tool that I have be also you've been using for a while, and it works really great. So what security will do is that it is going to quickly test your site for malware. Website. Blacklisting, injecting span and other kinds of common Warner built is that it's floating interest right now. Secondly, security is also going to clean and protect your website from different kinds of trends, and it basically works on any kind of fab side at this popular on the Internet right now, such as war pressure. Jumla drew people, it said. So let's go ahead and scan my site here. So I'm gonna just type in domain soccer training guy dot com and it's kind of website. Let's see what happens. This usually takes less than 10 seconds to complete, and down here we get a report going. What security have found with our side, we can see that we have a low risk of being infected by malware website blacklisting injected spam and defacements. However, it is recommended us to get our website firewall and here you have actually ability to click Patron, protect its security viral. I guess this is some kind off sales pitch where they are trying to sell you the security fire roll. I'm gonna just keep that in the website details. You can also see more about the least flings found and what security have scan it down here . We can see also the script. Finally, we have the Blackley status and this is important because you want to see whether your domain is clean by Google. So basically, if it is black least that then you are in big trouble because you will not receive any kind of traffic. You see also that it has bean tested with total safe web. It has been tested for fish tank in the opera browser site Advisers secure Mallory Labs black least spam hopes Debelle yandex and s it. So basically it has pass it all of those tests and it looks like our site is pretty safe and also free or any kind of malware. So this is the second tour on how you can actually test your site for Lil abilities. There are five more to come, so stay tuned to see you next 4. Free Website Security Scan Tool III: in this lecture, we're gonna check out patera dot com, which is another great tool for checking your side formal aware and vulnerabilities exploits. But the stool is going toe Do is to scan your website for all kind of malicious files, specials, files, potential suspicious files, maybe a script or something that is embedded in your sight. But you're not aware off it. It is also going to check for, say, browsing in Google and also check your site against the malware domain list. So what we need to do next is to basically just enter or the main here. I'm gonna just enter soccer training, god dot com and then he scan formalwear. So here we can see the progress and the school take a while, depending on hole bigger scientists. So I'm gonna just false there in order to save time in elected, complete the scan, and then I'm gonna go back to this lecture again. So take a cappuccino something and let the Quintero do its job. All right, so the test is finally done, and it took a couple of minutes to complete it because he that current status is clean and in order to view the detail report. We just need to click on this bottom and down here, we're gonna see more about what the stool has scanned on our site. We can see that this is the overview off the report and malicious files. Zero Suspicious 50 potential suspicion 50 clean files for it seems that it has cleaned for files for something. Not sure what it is. Extend Rawlings, Detective 69 I frames Canon zero black least did know. So let's see, on the scan, it files analysis. And here you see that it actually provides us with the plane, that vile someone and just click here and see what actually has done. It doesn't seem to provide what it actually has cleaned, but I guess it's school that it has clean it it so that we do not face any security issues On the additional information, we can see also the type off references, the main external wings and also black least looks in the links. This seems to be good as well. And finally, we have black listen, staples. So we are actually clean on all of those different tools that he still has scanning our citing. So it basically takes help with other tools as well in order to clean our side. So this looks really good, and I'm gonna just post there and go over to number four. See you in the next lecture. 5. Free Website Security Scan Tool IV: right. So the total number four is the inspector. This is a simple to use scanning tool, and it basically scan your website and provide you with a report that is going to include the black least on phishing attempts malware, backdoors, Georgians, and also suspicious connections. So I'm gonna just go over and run my side through the stool and see what happens if you can actually discover something. So there, training guy dot com. And I'm gonna just more His box check resulted domain to the black least, and he distort the scan and let's see what happens. So let's see how falsities this might take. Also, few seconds or even minutes to complete, depending on hole, bigger cities. I'm gonna just post there and waited to finish and then get back to it. All right. So here you can see that the scan has completed, and basically because he does the normal issues activity or mile there has been detected. We have no suspicious hire a score in consul ISI pages either. And down here, you can see that it has checked for black least phishing malware driver downloads warms back towards Georgian suspicious. I frames heuristic viruses, suspicious calls, suspicious connections and, finally, suspicious activity. So our site has passed all of those tests, and it looks like our side. This pretty much like the Fort Knox, really safe and seems to be almost impossible to break. True. So that fuss about tool number four Let's go over to the total number five. Stay tuned, see next. 6. Free Website Security Scan Tool V: All right, So the to number fire is the ourself of dot com. This is another great tool that we can use in order to scan our site and check for vulnerabilities. So what I'm gonna do is to just type in the domain of my site here and he scan before I do that. I just want to emphasize on that the school is in the beta mode, so you might not get completely accurate results. However, it's a great tool. So I'm gonna just cover and heat scan anyway and let your tapas alright, it's really fast, and you can see that we pass Actually on most off the different testing that the stool has done on our site and down here we have actually a warning about click jacking. Not sure what that is about. We have a Dorrell's excessive headers warning as well. So I'm gonna just click on click track morning and see what it is. Actually, So you see that website are a tree scopely jacking attack when they love content to be embedded within a frame, we need to disable the ability to add content between the frame on our site had also another warning, which was Texas You? Heather's Let's click on it. So it basically gives you an explanation on what this is about. So by the full Texas you information about the seven frameworks used to buy exponent application, return expose headers, this header can be used to help identify security flaws which may exist that the result of the choice of technology exposed in these headers. However, I'm not using our high speed off net site. And if you're not a feeling the familiar retires paid is basically ah, programming language used to called website pretty much similar to the ph. B. Even if BHP us completely different programming language. Anyway, I am fine with this, and it looks like our side is pretty much safe. Just like in the other tools that you checked. However, I'm gonna cover to more tools and let's he hauled. The site actually performs in those scanning tools as well. All right, so this waas the security scanning tool number five, we have two more to cover justice assayed, so stay tuned. See next 7. Free Website Security Scan Tool VI: the tool number six on our site is the up guard. This is another useful tool for scanning your site for security vulnerabilities. And what it is going to basically do is to check your site for SSL click tracks Attack Cookie, Heather's DNS. Sec. It said. However, it is important to emphasize on that the stool is still in the beta testing, so you might not get a cure it the results or you might even get wrong results, depending on when you scan your site. Anyway, I'm going to just go ahead and type in my domain here and see what happens. Let's HEAT scan. All right, so it is basically an lazy or site, and depending on how big your site is, this might take a while. Hello. In my case, it went pretty well. So you have an extensive report here that you can actually own the different segments off your site. So I see that I have failed on SSL nationally, not using as a cell as cell is basically for encrypting your traffic. The one you seen the https appear on left. We have also http strict time for security. So if it is disabled are vistors are going to be able to brozova cyber and may have contention intercepted by their party's. Not something I'm worried about because my site is simply a plane static site that is not using any kind flogging. We had the server information had there that we failed loan D m r c. It basically protects against fraudulent emails being saying from your domain. Welty sees something, and you take a look at male post Typical a sonic mail servers. Not sure what it is about. I'm going to take a look at that as well. Administration and ports typically assigned it services that provide access to work station Well, and not something that I need to worry about hitting and finally deign sse enabled. And we see the Vienna Circle preventer party for 14 the records that currently the main seasonality. So there are several different segments that I need to take a look at and actually fix. And this stool is really great because the other tool actually didn't spot any off those issues that we see in this report. So the up guard seems to be one of the best tools that I have tested so far, and I'm gonna just pose for their and covered the last begin in the class. So stay tuned. See next. 8. Free Website Security Scan Tool VII: right. So this is the last security scanning tool that I'm going to cover in this class. And it is the tinfoil security. This another great tool that you can use in order to find vulnerabilities on your site. So I'm going to just go ahead and type in my domain here, and I'm gonna heat to get your freeze can. Now, next, you're going to need to feel in your email address here. I'm gonna just type in mind, and you can see that it actually search for our liberties. It seemed that it has pound for almost five, and I guess six vulnerabilities and even more so I'm gonna just bean password here for the sake off it. You can also see that it actually tells us that our pastor this week, someone just try to improve it at some special characters here. All right, and click on. Agree here. Right. So this can has been completed. And it seems that I need the feeling my information against I'm gonna just do that in order to be able to see this report. So I guess those guys are not going to spam. You hope so. Let's click on Let's go and let's see what happens. Soul click will save, and here you can see that we can actually add our number of cell. I'm not going to do that. I don't want to do that. So we need to actually confirm that we own our site. So down here we can select two upload on each demon fire recommended at the meta tag Guinness record or manual team. Fully verifications lowers. I'm gonna just upload on html filing when I downloaded and uploaded to my server. All right, so I uploaded the file. I don't roll it to the root folder on my Web server for my soccer training guy dot com domain. So I'm gonna just hit very fine me. All right, let's click on the confirmed successful applaud First seems to be stepped for, right? So it seems to have found the file that looks good. Finally, let's click on, verify me and see what happens. All right, so our domain has been very five and it seems that we need to start a full of scan or c are less can results. I'm gonna just go over to the sea last camps results and see what happens. So let's see here. This is an overview. Your website is borderline unsafe. That doesn't sounds like good news. A number off on ability. Swell. Let's see the fixes See and fix here. So here we can see the type of fixes that we need to do. So this want, like jacking? I have seen it before. All right. Expanded view. Let's see the condense room. You and you can basically see what you actually need to fix or what I need to fix for my site. So clack click tracking or dim entry scan director listings in labor that I'm missing some resource integration statistics down here. I'm gonna click on it as well. All right, because he talked, operability ceased. Well, and we have also able to see the history. So I'm going to spend some time to work on fix those issues. And I suggest you test your site it all of those seven tools because you never know what you could discover just decided. I actually told that my side was pretty safe. But as you can see, there is a lot off things to covered in order to make it safe, So I hope you enjoy this class and I hope you learn it a lot. Just as much outside in Georgia according thank you for checking my class.