NCSC Web Check

From the National Cyber Security Centre

Website configuration and vulnerability scanning services – an introduction

Website vulnerabilities result from misconfigurations or software flaws which might be exploited by an attacker.
Website configuration and vulnerability scanning services offer a regular and cost-effective method of checking for common problems with websites. As such, they complement penetration testing, in which a specialist security tester can check for more complex security weaknesses, refining the strategy for later tests in response to their initial findings.

About Web Check

Web Check checks your websites for common web vulnerabilities and misconfigurations. The checks are designed to impose low load on sites and to avoid damaging them. Web Check tells you what you need to worry about, when you need to worry about it and what you need to do about it.

It is easy to use and doesn’t require a high level of technical skill. Potential security issues checked for include the following:

  • Whether a site’s server software is patched and up to date
  • If using a Content Management System, whether this is patched and up to date
  • Issues with the server’s certificate chains
  • A range of TLS configuration concerns and implementation errors
  • Whether site misconfiguration is suggested by inconsistency between the site loaded over HTTP and over HTTPS
  • Use of third-party resources, and whether these are loaded over HTTPS
  • Whether cross-domain policy and/or cross-origin resource sharing (CORS) controls allow interaction from other sites

UK-registered charities pilot

The NCSC is currently running a pilot for a limited number of UK-registered charities. If you are interested, please sign up and register. The NCSC will ask you for feedback during the pilot, and access may be withdrawn once the pilot has ended.
