ImmuniWeb’s online test quickly verifies relevant GDPR and PCI DSS requirements, checks CMS security and runs a privacy check. The test was initially designed for SMEs and organisations with nascent application security testing programs.
Large organisations with mature DevSecOps programs can also run hundreds of GDPR scans a day to keep a baseline of security and compliance checks over their external web applications.
The free security test:
- Verifies PCI DSS requirements 6.2, 6.5 and 6.6 (in PCI DSS v3.x numbering: patching of known vulnerabilities, secure coding practices, and protection of public-facing web applications)
- Verifies the GDPR requirements in Articles 5, 6, 7, 25, 32 and 35 (processing principles, lawfulness, consent, data protection by design, security of processing, and impact assessments) that apply to websites and web applications
- Fingerprints the versions of over 100 of the most popular CMSs and web frameworks, and of over 167,000 of their plugins
- Runs a comprehensive but non-intrusive scan for publicly known vulnerabilities in the fingerprinted software versions
- Checks over 20 HTTP headers related to security, encryption or privacy for strong configurations in line with industry best practices, including OWASP's
- Assesses the Content Security Policy (CSP) for settings that block some XSS and CSRF exploitation vectors, as well as script-injection variants of ransomware and cryptojacking attacks. One caveat: a CSP only restricts what the browser will load, execute or submit; it does not fix the underlying injection flaw.
ImmuniWeb selected the 100 most visited websites in each of the 28 EU member states and ran the following non-intrusive checks, with the share of sites failing each:
- Non-consensual or insecure handling of cookies that potentially carry sensitive or tracking data (78.25% of sites failed)
- Outdated and vulnerable CMS or CMS components (6.75% failed)
- No HTTPS at all, or SSLv3 still enabled (5.96% failed).
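The header, CSP and cookie findings above are the kind of thing a practitioner can reproduce locally before paying for a scan. The script below is an added example, not ImmuniWeb's code or test logic: it runs a small set of checks over response headers and Set-Cookie lines (missing or weak security headers, a permissive script-src, a missing form-action, an HSTS max-age under a year, cookies without Secure/HttpOnly/SameSite, and plain-HTTP delivery). The header list, the one-year HSTS threshold, the treatment of every cookie as sensitive, and both sample responses are assumptions; nothing here is taken from the survey data.

```python
# Added example, not ImmuniWeb's code: offline checker for the response-level
# findings listed above. Header set, thresholds and sample data are assumptions.
from typing import Dict, List

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds

# Assumed baseline headers a public HTTPS site should send (after OWASP guidance).
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing",
    "content-security-policy": "CSP missing",
    "x-content-type-options": "X-Content-Type-Options missing",
    "x-frame-options": "X-Frame-Options missing (or set CSP frame-ancestors)",
    "referrer-policy": "Referrer-Policy missing",
}

def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [sources]}; tokens lower-cased for matching."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().lower().split()
        if tokens:
            policy[tokens[0]] = tokens[1:]
    return policy

def check_csp(value: str) -> List[str]:
    """Flag script-src settings that keep XSS exploitable, and a missing form-action."""
    findings: List[str] = []
    policy = parse_csp(value)
    script = policy.get("script-src", policy.get("default-src"))  # spec fallback
    if script is None:
        findings.append("CSP: neither script-src nor default-src set, scripts unrestricted")
    else:
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
        if "'unsafe-inline'" in script and not nonce_or_hash:
            findings.append("CSP: script-src allows 'unsafe-inline' without a nonce or hash")
        if "'unsafe-eval'" in script:
            findings.append("CSP: script-src allows 'unsafe-eval'")
        findings += [f"CSP: script-src allows scheme/wildcard source {s}"
                     for s in script if s in ("*", "http:", "https:", "data:")]
    if "form-action" not in policy:
        findings.append("CSP: no form-action, forms may submit to any origin")
    return findings

def hsts_max_age(value: str) -> int:
    """Return max-age from an HSTS header, or 0 if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val)
    return 0

def check_cookies(set_cookie_values: List[str]) -> List[str]:
    """Flag cookies lacking Secure, HttpOnly or SameSite=Lax/Strict (all cookies assumed sensitive)."""
    findings: List[str] = []
    for raw in set_cookie_values:
        pair, _, attrs = raw.partition(";")
        name = pair.split("=", 1)[0].strip()
        flags = {k.strip().lower(): v.strip().lower() for k, _, v in
                 (a.strip().partition("=") for a in attrs.split(";") if a.strip())}
        if "secure" not in flags:
            findings.append(f"cookie {name}: missing Secure")
        if "httponly" not in flags:
            findings.append(f"cookie {name}: missing HttpOnly")
        if flags.get("samesite") not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite not Lax or Strict")
    return findings

def check_response(scheme: str, headers: Dict[str, str], set_cookies: List[str]) -> List[str]:
    """Run every check against one response; an empty list means no findings."""
    findings: List[str] = []
    h = {k.lower(): v for k, v in headers.items()}
    if scheme.lower() != "https":
        findings.append("transport: not served over HTTPS")
    findings += [msg for name, msg in REQUIRED_HEADERS.items() if name not in h]
    if "content-security-policy" in h:
        findings += check_csp(h["content-security-policy"])
    if "strict-transport-security" in h:
        age = hsts_max_age(h["strict-transport-security"])
        if age < ONE_YEAR:
            findings.append(f"HSTS max-age {age} is below one year")
    return findings + check_cookies(set_cookies)

# Constructed sample responses, not captured from any real site.
WEAK_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
    "Strict-Transport-Security": "max-age=300",
}
WEAK_COOKIES = ["session=abc123; Path=/", "track=xyz; Path=/; Secure"]
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0mV4lu3'; "
                               "object-src 'none'; frame-ancestors 'none'; form-action 'self'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
HARDENED_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]
```

Calling `check_response("https", WEAK_HEADERS, WEAK_COOKIES)` returns twelve findings (three missing headers, three CSP weaknesses, the short HSTS lifetime and five cookie attribute gaps), while the hardened sample returns an empty list. To run it against a live site, feed it the scheme, the response headers and each `Set-Cookie` value from an HTTP client of your choice; the checks themselves never touch the network, so they are safe to run in CI against captured responses.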
Ilia Kolochenko, CEO and founder of ImmuniWeb, said: “We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements among European companies.
“To help companies comply with the intricate requirements of GDPR, most of which are quite far from being crystal-clear today, we are happy to enhance our community offering with the new free test. More cool features are coming soon, please stay tuned.”
The GDPR test is now also integrated with ImmuniWeb Discovery, which quickly builds a comprehensive inventory of an organisation’s web, mobile and cloud assets to give full visibility of what is exposed.