I noticed a free online tool to audit your (your customer's) website. You can find and fix the back hole or weakness.
https://www.ssllabs.com/ssltest/index.html
One of good tool to audit your website
+7Veeam Vanguard | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
+11Awesome online tool
[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
+7Veeam Vanguard | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
+21Very cool testing tool. Will have to give this a try. 👍
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+20Nice! I’m going to check this out! Thanks Cary.
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+13Guys beware, running a Vulnerability Assessment (even a light one) on a customer site requires permission to be run. :)
BTW, the market leader is Nessus, it’s a super complete suite (not open source), while Greenbone OpenVas is another great solution as mentioned
Personally I prefer BurpSuite, but for a direct interaction.
Oh, and there’s Shodan to check if that IP has know vulnerabilities.
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+22marcofabbri wrote:
Guys beware, running a Vulnerability Assessment (even a light one) on a customer site requires permission to be run. :)
BTW, the market leader is Nessus, it’s a super complete suite (not open source), while Greenbone OpenVas is another great solution as mentioned
Personally I prefer BurpSuite, but for a direct interaction.
Oh, and there’s Shodan to check if that IP has know vulnerabilities.
I used Nessus back in the day. Did it not change from open source to proprietary? of am I confusing this with something else?
VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS, PCA,TARS
+13Geoff Burke wrote:
marcofabbri wrote:
Guys beware, running a Vulnerability Assessment (even a light one) on a customer site requires permission to be run. :)
BTW, the market leader is Nessus, it’s a super complete suite (not open source), while Greenbone OpenVas is another great solution as mentioned
Personally I prefer BurpSuite, but for a direct interaction.
Oh, and there’s Shodan to check if that IP has know vulnerabilities.
I used Nessus back in the day. Did it not change from open source to proprietary? of am I confusing this with something else?
I think you’re confusing with OpenVas :) there’s a community version, but the main one is now proprietary! The old “gvc” via terminal!
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+8I use the Qualys scanner every time I update a certificate on a public site. Another tool that I use in conjunction with this is IISCrypto to disable/enable the appropriate SSL/TLS protocols, weed out weak ciphers and set cipher priorities without having to dig into the registry manually.
Derek M. Loseke, Senior Systems Engineer | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
+8Also, don’t forget to check the “Don’t show the results on the boards” checkbox. Sounds like a great way to publish weak websites if you ask me.
Derek M. Loseke, Senior Systems Engineer | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
+7Veeam Vanguard | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
+21dloseke wrote:
Also, don’t forget to check the “Don’t show the results on the boards” checkbox. Sounds like a great way to publish weak websites if you ask me.
Used that when I tested my blog. Got a B across the board so need to look at CloudFlare which I use with it.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
1 person likes this
+8Chris.Childerhose wrote:
dloseke wrote:
Also, don’t forget to check the “Don’t show the results on the boards” checkbox. Sounds like a great way to publish weak websites if you ask me.
Used that when I tested my blog. Got a B across the board so need to look at CloudFlare which I use with it.
I just ran it on mine….aside from figuring out why my domain doesn’t like to pull up when not using a www. in front (it’s DNS of course), I’m happy with my result.
Derek M. Loseke, Senior Systems Engineer | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
+11marcofabbri wrote:
Guys beware, running a Vulnerability Assessment (even a light one) on a customer site requires permission to be run. :)
BTW, the market leader is Nessus, it’s a super complete suite (not open source), while Greenbone OpenVas is another great solution as mentioned
Personally I prefer BurpSuite, but for a direct interaction.
Oh, and there’s Shodan to check if that IP has know vulnerabilities.
Here is a comprehensive article on Burpsuite.
[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.