The post Web Security and Optimization Scanner appeared first on Security Marketplace.
A full list of all security checks performed by our profile is provided below:
Basic Security Checks
Identifies various security misconfigurations and deviations from security best practices in applications, such as CMS disclosure, email authentication issues (SPF/DMARC), DNS high availability status, firewall protection status, open ports that may be a pathway for attackers, privacy policy availability, and registrar lock status.
Malware Infected URLs
A malware infection on a website can execute unauthorized actions on the victim’s system or against website visitors. eCyLabs helps to check URLs for suspicious code, malware, viruses, abuse, or reputation issues.
Domain BlackList Detection
Blacklisted domains usually cause reputation loss for your company and get your emails classified as “spam-like”. Blacklist removal can be requested manually, but you must ensure you have fixed the issues before doing this.
URL Category Check
Identifies URL categories for your website. Websites that do not belong to any category are sometimes classified as high-risk until you categorize them. Internet browsers will mark your website as suspicious and you will lose your reputation. Find your provider and request that they change the category of your URL.
Discover Broken Links
Discover broken links in your websites to avoid an impact on your reputation with customers. Users who happen to visit those abandoned links will get a 404 error, and there are several drawbacks when a website responds with this error code. So, we will discover all the broken links for you to fix them.
URL Load Time Test
Conduct a website performance test to review common issues that will impact engagement. We will analyze the load speed for all the URLs and provide insight to optimize the specific URLs that are causing delays.
File Integrity Check
URL Integrity Monitoring is a security practice that consists of verifying the integrity of URLs to determine if tampering or fraud has occurred by comparing them to the last scan result.
SSL Check
The SSL test performs transport layer security checks based on web security guidelines to provide informed recommendations to web administrators. Certificates are typically signed by a trusted certificate authority and are valid for a certain period of time. When an SSL certificate expires, it will prevent remote clients from accessing secure websites. The test checks a server’s service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and more.
eCyLabs automated penetration testing helps to test the risk of OWASP Top 10 Web Application Security Risks. Many security flaws in the OWASP Top 10 list can be identified with our automated tool. To perform deep inspection specific to your application type, you can also engage our security experts to fine-tune risk detection logic for your application and bring more results.
The post Penetration Testing for Web appeared first on Security Marketplace.
Penetration testing helps to identify malicious behaviours or patterns by simulating an external attacker’s view. In the context of web application security, pen testing is commonly used to augment a web application firewall (WAF). eCyLabs pen testing scan profiles leverage OWASP detection logic and are widely used, often in conjunction with connected systems such as servers, networks, devices, and endpoints.
Many of the security flaws in the OWASP Top 10 list can be identified with our tool, such as:
– Injection
– Broken authentication
– Sensitive data exposure
– XML external entities (XXE)
– Broken access control
– Security misconfigurations
– Cross site scripting (XSS)
– Insecure deserialization
– Using components with known vulnerabilities
– Insufficient logging and monitoring
Pen testing follows the stages below:
The post Web API Security appeared first on Security Marketplace.
The eCyLabs API Security scanner leverages OWASP detection logic and provides security testing for web application APIs. It helps to detect flaws to protect APIs from man-in-the-middle attacks. APIs enable access to sensitive software functions and data, so they are becoming a primary target for attackers. Companies use web APIs to connect web services and transfer data between applications. The applications will also interchange a high volume of valuable and sensitive information. APIs that are broken, disclosed or hacked can reveal sensitive information like medical, financial or even personal data. When it comes to verifying web API security, you need proper strategies for authentication and authorization.
APIs are vulnerable to attack. The impact of API security breaches includes financial costs, legal battles, fines, and lost customers.
OWASP added the API Security Top 10 list of risks that need to be addressed:
– Broken Object Level Authorization
– Broken Authentication
– Excessive Data Exposure
– Lack of Resources & Rate Limiting
– Mass Assignment
– Security misconfigurations
– Injection
– Improper Assets Management
– Insufficient Logging & Monitoring
API testing follows the stages below:
Using an API gateway: An API gateway allows you to keep track of all API calls and do the necessary monitoring to understand how the API is utilized.