From the National Cyber Security Centre
Website configuration and vulnerability scanning services – an introduction
Website vulnerabilities result from misconfigurations or software flaws which might be exploited by an attacker.
Web configuration and vulnerability scanning services offer a regular and cost-effective method of checking for common problems with websites. As such, they complement penetration testing, in which a specialist security tester can check for more complex security weaknesses, refining the strategy for later tests in response to their initial findings.
About Web Check
Web Check checks your websites for common web vulnerabilities and misconfigurations. The checks are designed to impose low load on sites and to avoid damaging them. Web Check tells you what you need to worry about, when you need to worry about it and what you need to do about it.
It is easy to use and doesn’t require a high level of technical skill. Potential security issues checked for include the following:
- Whether a site’s server software is patched and up to date
- If using a Content Management System, whether this is patched and up to date
- Issues with the server’s certificate chains
- A range of TLS configuration concerns and implementation errors
- Whether site misconfiguration is suggested by inconsistency between the site loaded over HTTP and over HTTPS
- Use of third-party resources, and whether these are loaded over HTTPS
- Whether cross-domain policy and/or cross-origin resource sharing controls allow interaction from other sites
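As an added illustration (not the NCSC's or Web Check's own code), two of the checks listed above, third-party resources loaded without HTTPS and cross-origin resource sharing that admits other sites, can be approximated against a saved copy of your own page and its response headers. The sample page, hostnames and function names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input: a page served from charity.example (hypothetical).
SAMPLE_URL = "https://charity.example/donate"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://charity.example/donate">
<script src="http://cdn.example.net/lib.js"></script>
<script src="//stats.example.org/t.js"></script>
<img src="https://images.example.com/logo.png">
"""

# Tags that make the browser fetch something, and the attribute naming it.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collects absolute URLs of resources the page asks the browser to load."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <link> only fetches for some rel values; this example keeps stylesheets.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        value = a.get(FETCH_ATTRS.get(tag, ""))
        if value:
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            self.urls.append(urljoin(self.page_url, value))

def third_party_resources(page_url, html):
    """Return (url, loaded_over_https) for every resource on another host."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    own_host = urlsplit(page_url).hostname
    parsed = [(u, urlsplit(u)) for u in collector.urls]
    return [(u, p.scheme == "https") for u, p in parsed
            if p.scheme in ("http", "https") and p.hostname != own_host]

def cors_exposure(headers, site_origin):
    """Classify which origins the Access-Control-Allow-Origin header admits."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    acao = lowered.get("access-control-allow-origin")
    if acao is None or acao == site_origin:
        return "same-origin only"
    return "any origin" if acao == "*" else "other origin: " + acao
```

Any entry returned with `False` is a third-party resource fetched over plain HTTP and should be moved to HTTPS or self-hosted.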
UK-registered charities pilot
The NCSC is currently running a pilot for a limited number of UK-registered charities. If you are interested, please sign up and register. The NCSC will ask you for feedback during the pilot, and access may be withdrawn once the pilot has ended.