Top-5 Website Risk Assessment Tools for Security Managers

06.09.15

Dan Ennis CEO


The most basic step in dealing with attacks on your website is finding a combination of assessment tools that can identify vulnerabilities and reduce exposure.

Last December, over 100,000 WordPress websites were compromised due to a vulnerability in a popular plugin, resulting in Google blacklisting over 11,000 domains.

The first step in dealing with the new attack landscape is to find a combination of assessment tools that can identify as many vulnerabilities as possible and reduce exposure. These tools fall into the following categories:

  1. Application Level Tools: client honeypots that help you understand an attack’s approach and behavior, including tools such as Google Phoneyc, and client configuration scanning that looks at browser security and privileges.
  2. Infrastructure Assessment Tools: tools that help you scan the infrastructure where the site is hosted, including your environment’s network topology, such as Cain and Abel.
  3. Availability and User Experience Assessment Tools: tools for assessing the site’s potential availability and user experience under DDoS load. Examples are iMacros for Chrome and BlazeMeter.
  4. Platform Hardening Tools: CMS security testing such as WPScan.
  5. Web Application Development Tools: Chrome extensions for developers, including penetration testing tools, fuzzers and vulnerability scanners.

Originally published on Infosecurity Magazine, the full article provides over 15 useful resources and links allowing security managers to find the optimal combination of assessment tools that can identify vulnerabilities and reduce exposure. Read the full article.

For a comprehensive guide to protecting WordPress-based websites, download the Ultimate Resources Index for WordPress protection.
