What do you security test/monitor your site with?

[PremiumCodeX]

Hey!

Do you have someone to review your site from security viewpoint or do you use automated software to do it for you?

If the previous, where do you find this person? If the latter, what software would you recommend?

Let us turn this into a discussion so please attach your arguments too!

[1715082624]

1715082624

[cloverme]

Qualys and Tenable are vulnerability detection platforms that work very well. However, once you get through the basics, you need someone to go through code and doing some application security protection as well. The guys from Coalfire are fantastic, but very expensive, you can find qualified people on Upwork as well for a cheaper rate, but still qualified.

[nemgun]

you should check the Kali project, it is used to test/monitor the security of websites, it comes with full tools for auditing the security and for penetration testing, you even have  hundreds of exploits that can be used, i generally use it for DDOS testing, database penetration, XSS, shell injection ...
Great tool with loads of tutorials, but you shall have a VirtualMachine on your computer because it is an OS.

[BuySomeBitcoins]

Qualys and Tenable are vulnerability detection platforms that work very well. However, once you get through the basics, you need someone to go through code and doing some application security protection as well. The guys from Coalfire are fantastic, but very expensive, you can find qualified people on Upwork as well for a cheaper rate, but still qualified.

You will not get excellent coders from upwork.

small websites can start with https://sucuri.net/

[Kray]

you should check the Kali project, it is used to test/monitor the security of websites, it comes with full tools for auditing the security and for penetration testing, you even have  hundreds of exploits that can be used, i generally use it for DDOS testing, database penetration, XSS, shell injection ...
Great tool with loads of tutorials, but you shall have a VirtualMachine on your computer because it is an OS.

Do you mean kali linux?

[BuySomeBitcoins]

you should check the Kali project, it is used to test/monitor the security of websites, it comes with full tools for auditing the security and for penetration testing, you even have  hundreds of exploits that can be used, i generally use it for DDOS testing, database penetration, XSS, shell injection ...
Great tool with loads of tutorials, but you shall have a VirtualMachine on your computer because it is an OS.

Do you mean kali linux?

He meant probably using KALI pen-testing tools to scan websites against vulnerabilities.

[Emerge]

Sucuri.net is actually a really good resource. I haven't had problems with them so far

[PremiumCodeX]

Thank you for your suggestion! So, to start I could do basic security testing myself. I know Kali Linux a bit. It truly has an amazing set of tools. I have not used Qualys and Tenable yet, but according to their sites, they seem great too. What are the major advantages of Qualys, Tenable and Kali compared to each other? Or should I use more than one platform in the same time?

[nemgun]

I mean Kali-linux, it is a complete OS made for security testing, full of several softwares (open source and paid) who lets you audit your website, but it is reserved only to experienced users, you may also use it to learn but it will be difficult, even if there is a lot of tutorials on the web. The thing is that you have so much possibilities that you don't really from where you should start, you can test for DOS MIM SQLI BF ... it is a complete set, and i better like to use rather then pay for a useless or incomplete tool.