Probably one of the easiest methods that we could find to quickly test your website is through Websecurify. This is an online tool which comes as a Firefox or Chrome extension or a mobile application. A desktop edition is also available. By online we mean that the database and the engine sit in the cloud, and only the frontend is delivered as an extension.
The page lists the quite numerous vulnerabilities that the scanner is able to detect. The scanner comes in free and paid versions and in a couple of different editions. The most prominent edition (called Suite) costs a bit less than $50 per month and has a one-month free trial (at the time of this writing).
This article is a revised and updated version of the blog post "Best tools to check website security", posted on May 16, 2012.
Website security is a complex beast. To do a comprehensive vulnerability assessment you need to have the right software, experience, patience and sometimes luck.
Whenever you approach a new website or just want to test your own website, the first thing is to scan it using your favorite security tool(s). Of course, if you’re not familiar with the website, the first thing must be simply to browse it: to get the look and feel, to analyze its structure and to gather as much data as possible.
There are a bunch of security scanning tools available – ranging from very expensive to free, from full-featured to very specialized. There is a blog post with some hints comparing free/open source and commercial security testing tools. Here we will try to show the software that we recommend newcomers use for testing.