Siwecos-Scanner/EN: Difference between revisions

From Siwecos
(The page was newly created: “== '''Siwecos Website Scanners''' == <br> '''<span style="color:#c31622">TLS Scanner<span>''' <br> The TLS-Scanner allows you to chec…”)
 
 
(12 intermediate revisions by 3 users are not shown)
Zeile 1: Zeile 1:
== '''Siwecos Website Scanners''' ==
+
== Siwecos Website Scanners ==
  
<br>
+
{{:TLS_Scanner/EN}}
  
'''<span style="color:#c31622">TLS Scanner<span>'''
 
<br>
 
  
The [[TLS Scanner|TLS-Scanner]] allows you to check the encryption protocol ([[Transport Layer Security|TLS]]) of your [[Server|Servers]] for security flaws. If you are using an outdated encryption version, or if you rely on outdated algorithms ([https://en.wikipedia.org/wiki/Cryptographic_primitive cryptographic primitive]), this will be detected by our scanner. Furthermore, the TLS scanner can recognize problems concerning the current [[Zertifikate|Zertikat]] and to alert you to weak key lengths and expired certificates, which could allow an attacker to decrypt your communication with your customers. The TLS scanner can also test your current [[Transport Layer Security|TLS-Implementierung]] for known vulnerabilites such as man-in-the-middle attacks ([[Man-in-the-middle|Insecure Renegotiation]]), [[Poodle]] or [[HEARTBLEED-VULNERABLE|Heartbleed]]. <!--[https://www.siwecos.de/wiki/Kategorie:TLS-Scanner Checks des TLS-Scanners]--> <br>
+
{{:DOMXSS_Scanner/EN}}
<br>
 
'''''General:'''''
 
*[[Reaktionszeit-Ueberschritten/DE | HTTPS-NO-RESPONSE]]<br>
 
*[[Keine-TLS-Unterstuetzung/DE|HTTPS-NOT-SUPPORTED]]
 
'''''Zertifikate'':'''
 
*[[Zertifikat-Abgelaufen/DE|CERTIFICATE-EXPIRED]]<br>
 
*[[Zertifikat-Nicht-Gesendet/DE|CERTIFICATE-NOT-SENT-BY-SERVER]]<br>
 
*[[Zertifikat-Nicht-Gueltig/DE|CERTIFICATE-NOT-VALID-YET]]<br>
 
*[[Schwache-Verschluesselung/DE|CERTIFICATE-WEAK-HASH-FUNCTION]]
 
'''''Verschlüsselung'':'''
 
*[[Schluesselaustauschverfahren/DE|CIPHERSUITE-ANON]]<br>
 
*[[Geschwaechtes-Verschluesselungsprotokoll/DE|CIPHERSUITE-EXPORT]]<br>
 
*[[Unverschluesselte-Kommunikation/DE|CIPHERSUITE-NULL]]<br>
 
*[[Unsichere-Verschluesselungsfunktion-RC4/DE|CIPHERSUITE-RC4]]<br>
 
*[[Schwaches-DES-Verschluesselungsprotokoll/DE|CIPHERSUITE-DES]]<br>
 
*[[Verschluesselungsmethode-Client/DE|CIPHERSUITEORDER-ENFORCED]]
 
'''''Protokolle'':'''
 
*[[Veraltete-Protokollversion-SSL2/DE|PROTOCOLVERSION-SSL2]]<br>
 
*[[Veraltete-Protokollversion-SSL3/DE|PROTOCOLVERSION-SSL3]]<br>
 
*[[PROTOCOLVERSION_TLS13|PROTOCOLVERSION-TLS13]]<br>
 
'''''Angriffe'':'''
 
*[[Bleichenbacher-Schwachstelle/DE|BLEICHENBACHER-VULNERABLE]]<br>
 
*[[Crime-Schwachstelle/DE|CRIME-VULNERABLE]]<br>
 
*[[Heartbleed-Schwachstelle/DE|HEARTBLEED-VULNERABLE]]<br>
 
*[[Invalid-Curve-Ephemeral-Schwachstelle/DE|INVALID-CURVE-EPHEMERAL-VULNER ABLE]]<br>
 
*[[Invalid-Curve-Schwachstelle/DE|INVALID-CURVE-VULNERABLE]]<br>
 
*[[PADDING-ORACLE-Schwachstelle/DE|PADDING-ORACLE-VULNERABLE]]<br>
 
*[[TLS-POODLE-Schwachstelle/DE|POODLE-VULNERABLE]]<br>
 
*[[TLS-POODLE-Schwachstelle/DE|TLS-POODLE-VULNERABLE]]<br>
 
*[[Sweet32-Schwachstelle/DE|SWEET32-VULNERABLE]]<br>
 
  
  
'''<span style="color:#c31622">XSS Scanner<span>'''
+
{{:Header_Scanner/EN}}
<br>
 
  
The [[DOMXSS_Scanner|XSS-Scanner]] can recognize typical attempts to exploit security flaws ([[Cross-Site Scripting]]) in your web application. This includes recognition of [[Cross-Site Scripting|DOM basierten Schwachstellen]], which could allow an attacker, for example, to execute malicious code in [[Javascript]] in the context of your web application. <!--[https://www.siwecos.de/wiki/Kategorie:DOMXSS-Scanner Checks des DOMXSS-Scanner]--> <br>
 
  
*[[DOMXSS-Schwachstelle/DE|SINKS]]<br>
+
{{:Info_Leak_Scanner/EN}}
*[[Schadcode-Ueber-Fremde-Quellen/DE|SOURCES]]
 
  
  
'''<span style="color:#c31622">HTTP Security Header Scanner<span>'''
+
{{:Initiative-S_Scanner/EN}}
<br>
 
 
 
Unnoticed by the user, the header (HTTP header Protocol) of a webpage is communicated between the client and the server every time the web page is called up and responds. The header influences browser behavior on the client side. For the most part, these are handled independently from the called web application and are defined in the webserver configuration. The [[Header Scanner|HTTP-Security-Header-Scanner]] allow you to check the header ([[HTTP]]-Header) of your web application for insecure configuration settings. The scanner([https://en.wikipedia.org/wiki/Web_crawler Crawler]) checks the information in the [[HTTP]] header of your web page and gives you a report about the detected vulnerabilities which could allow an attacker to launch attacks using a forged caller IP address ([[IP-Spoofing|Spoofing]]). <!--[https://www.siwecos.de/wiki/Kategorie:HTTP_Secure_Header-Scanner Checks des HTTP_Secure_Header-Scanner]--> <br>
 
 
 
*[[Content-Security-Policy-Schwachstelle/DE|CONTENT-SECURITY-POLICY]]<br>
 
*[[Content-Type-Nicht-Korrekt/DE|CONTENT-TYPE]]<br>
 
*[[Public-Key-Pins-Deaktiviert/DE|PUBLIC-KEY-PINS]]<br>
 
*[[Keine-Verschluesselung-Gefunden/DE|STRIKT-TRANSPORT-SECURITY]]<br>
 
*[[X-Content-Type-Options-Schwachstelle/DE|X-CONTENT-TYPE-OPTIONS]]<br>
 
*[[X-Frame-Options-Schwachstelle/DE|X-FRAME-OPTIONS]]<br>
 
*[[XSS-Schwachstelle/DE|X-XSS-PROTECTION]]
 
 
 
 
 
'''<span style="color:#c31622">Information Leakage Scanner<span>'''
 
<br>
 
 
 
The [[Info Leak Scanner|Information-Leakage-Scanner]] searches your web applications and gives you a report about unintentionally detailed information on how the application is built, or about the software version that is used, or other information which should not be revealed publicly. These leaks should be fixed as quickly as possible. <!--[https://www.siwecos.de/wiki/Kategorie:InfoLeak-Scanner Checks des InfoLeak-Scanner]--> <br>
 
 
 
*[[Content-Management-System-Gefunden/DE|CMS]]<br>
 
*[[Email-Adresse-Gefunden/DE|EMAIL]]<br>
 
*[[Javascript-Schwachstelle/DE|JAVASCRIPT]]<br>
 
*[[Plugin-Gefunden/DE|PLUGIN]]<br>
 
*[[Telefonnummer-Gefunden/DE|TELEFONNUMMER]]
 
 
 
 
 
'''<span style="color:#c31622">Initiative-S Scanner<span>'''
 
<br>
 
 
 
This scanner by [https://initiative-s.de/de/index.html Initiative-S] checks the domain against known blacklists ([https://en.wikipedia.org/wiki/Blacklisting Blacklists]) for [[Phishing]], [[Malware]] and [[Spam]].<br>
 
 
 
*[[Phishing-Inhalte/DE|PHISHING-INHALTE]]<br>
 
*[[Spam-Inhalte/DE|SPAM-INHALTE]]<br>
 
*[[Malware-Inhalte/DE|MALWARE-INHALTE]]<br>
 
  
  
 
[[Category:Siwecos-Scanner]]
 
[[Category:Siwecos-Scanner]]
[[Category:Glossar]]
 
  
  
 
__NOTOC__
 
__NOTOC__
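
Review bot: The transclusions added in this hunk (`{{:TLS_Scanner/EN}}` through `{{:Initiative-S_Scanner/EN}}`) replace the inline sections together with their per-check link lists, so the overview no longer links the individual checks such as HEARTBLEED-VULNERABLE or CONTENT-SECURITY-POLICY, and the rendered current version below shows only the five summaries. Carry the check lists into the transcluded subpages or keep a short index of check IDs here, and when doing so point the links at English targets, since the removed entries linked `/DE` pages from this `/EN` page.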

Current revision as of 17 April 2019, 12:42

Siwecos Website Scanners

TLS-Scanner

The TLS Scanner allows you to check the encryption protocol (TLS) of your servers for vulnerabilities. If you are using an outdated encryption version or are relying on outdated algorithms (cryptographic primitives), this will be detected by our scanner. The TLS Scanner can also detect problems with the certificate in use and inform you about weak key lengths and expired certificates (German only) that could enable an attacker to decrypt the communication between you and your customers. In addition, the TLS Scanner can test your TLS implementation for common attacks such as man-in-the-middle attacks (Insecure Renegotiation), Poodle and Heartbleed.


XSS-Scanner

The XSS-Scanner highlights potential dangers in the website source code. This includes the detection of cross-site scripting (DOM-based vulnerabilities), which could enable an attacker to execute malicious code, for example JavaScript, in the context of your web application.


Header Scanner

Unseen by the user, the header (HTTP header protocol) of a website is exchanged between the client and the server with every request and response. The header influences the behavior of the browser on the user side. For the most part, headers are handled independently of the requested web application and are defined in the web server configuration. The Header Scanner allows you to examine the HTTP headers of your web application for insecure configurations. The scanner (crawler) checks the information in the HTTP header of your website and generates a report on any vulnerabilities found that could enable an attacker to execute attacks via faked sender IP addresses (spoofing).
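
As an added illustration of the kind of header check described above (not Siwecos code; the pass/fail criteria, the 180-day HSTS threshold and the sample response are assumptions constructed for this example), the following Python parses a response head and reports missing or weak security headers:

```python
# Added example: audit the security headers of one HTTP response head.
# The criteria below are assumptions for illustration, not Siwecos's rules.
import re

# Constructed sample response head (not captured from a real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values (a repeated header keeps its last value)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, min_hsts_age=15552000):      # 180 days, an assumed threshold
    """Return {header: finding} for every header that is missing or weak."""
    h, findings = parse_headers(raw), {}
    csp = h.get("content-security-policy")
    if csp is None:
        findings["content-security-policy"] = "missing"
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings["content-security-policy"] = "allows unsafe-inline/unsafe-eval"
    hsts = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    if hsts is None:
        findings["strict-transport-security"] = "missing or no max-age"
    elif int(hsts.group(1)) < min_hsts_age:
        findings["strict-transport-security"] = "max-age too short"
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings["x-content-type-options"] = "not set to nosniff"
    framing_ok = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    if not framing_ok and "frame-ancestors" not in (csp or ""):
        findings["x-frame-options"] = "no framing restriction"
    ctype = h.get("content-type", "")
    if ctype.startswith("text/") and "charset=" not in ctype.lower():
        findings["content-type"] = "text type without charset"
    return findings

if __name__ == "__main__":
    for header, finding in audit(SAMPLE).items():
        print(f"{header}: {finding}")
```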


Info Leak Scanner

The Info Leak Scanner searches through your web application and generates a report on possibly unintentionally detailed information (e.g. on the structure of the application or the software version in use) which should not be made public. Findings should be rectified as quickly as possible.


Initiative-S Scanner

The Initiative-S Scanner checks the domain against known blacklists for botnets, phishing, malware and spam.