Siwecos-Scanner/EN
Siwecos Website Scanners
TLS-Scanner
The TLS Scanner allows you to check the encryption protocol (TLS) of your servers for vulnerability. If you are using an out-dated encoding version or are relying on out-dated processes (Cryptographic Primitive), this will be detected by our scanner. The TLS scanner is also capable of detecting problems with the certificate in use and inform you about weak key-lengths and expired certificates (German only) that could enable an attacker to decrypt the communication between you and your customers. In addition, the TLS Scanner can test your TLS implementation for common attacks like man-in-the-middle-attack (Insecure Renegotiation), Poodle and Heartbleed.
Information:
HTTPS-NO-RESPONSE
HTTPS-NOT-SUPPORTED
Certificates:
CERTIFICATE-EXPIRED
CERTIFICATE-NOT-SENT-BY-SERVER
CERTIFICATE-NOT-VALID-YET
CERTIFICATE-WEAK-HASH-FUNCTION
Cryptography:
CIPHERSUITE-ANON
CIPHERSUITE-EXPORT
CIPHERSUITE-NULL
CIPHERSUITE-RC4
CIPHERSUITE-DES
CIPHERSUITEORDER-ENFORCED
PROTOCOLVERSION-SSL2
PROTOCOLVERSION-SSL3
PROTOCOLVERSION-TLS13
Attacks:
BLEICHENBACHER-VULNERABLE
CRIME-VULNERABLE
HEARTBLEED-VULNERABLE
INVALID-CURVE-EPHEMERAL-VULNERABLE
INVALID-CURVE-VULNERABLE
PADDING-ORACLE-VULNERABLE
POODLE-VULNERABLE
TLS-POODLE VULNERABLE
SWEET32-VULNERABLE
DOMXSS-Scanner
Der XSS-Scanner macht auf potentielle Gefahrenstellen im Seitenquelltext aufmerksam. Darunter fällt die Erkennung von DOM basierten Schwachstellen, welche es einem Angreifer erlauben könnten, z.B. Schadcode in Form von Javascript im Kontext Ihrer Webapplikation auszuführen.
