The "Scoring" module helps assess the overall security of a site, identifies vulnerabilities and misconfigurations, and provides recommendations for eliminating them.
The "Scoring" module is available on the landing page, and you can also run an assessment from your personal account.
Site evaluation instructions:
- Go to https://wtotem.com/
- Click on the "Get free security test" button
- Click on "GET THE REPORT"
Bug fix recommendations are only available with product purchase.
In order to assess the risks of the site in your personal account:
- Log in to your personal account
- Click on the logo in the upper left corner
- Select the site you need
- Click on the "LEARN MORE" button
If you only have one site:
- Go to the "All sites" page in the top menu of your personal account.
- Select the "Scoring" tab
The module scans the resource and checks it against a number of points based on the well-known OWASP standard. At the start of the scan, each resource is assumed to be 100% secure. If the module detects a discrepancy at one of the checkpoints, it subtracts a percentage from the total score, depending on the significance of that checkpoint.
SSL: Checks for the validity of the SSL certificate.
CMS: Checks for an obsolete CMS version and for CVEs affecting the detected CMS.
Malware: Scans the resource for well-known malware such as worms, trojans, viruses, etc.
Security.txt: Checks for compliance with the security.txt standard.
Defacement: Checks for traces of an injected defacement.
JS components: Checks for obsolete versions of JS libraries and for CVEs affecting the detected library versions.
HTTP methods: Checks for support for insecure HTTP methods.
Robots.txt: Checks for the presence of robots.txt.
Web Application Firewall (WAF): Checks for the presence of WAF.
Open ports: Checks for the presence of open ports.
Secure Cookie: Checks for the presence of cookies and the security of cookie settings.
HTTP Security Headers & CSP: Checks for the presence of secure HTTP headers, and the validity of the setting of the detected headers.
Email Leakage: Checks for email leaks.
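
The deduction scoring described above (start at 100%, subtract per failed checkpoint) can be sketched for two of the listed checks, Secure Cookie and HTTP Security Headers. This is an added example, not WebTotem's code: the weights, the header list and the names `WEIGHTS`, `cookie_attrs` and `score` are assumptions, and it checks only the presence of headers and cookie attributes, not the validity of their values.

```python
# Added illustration: weights and the header list are assumptions, not the product's values.
WEIGHTS = {  # assumed deduction, in percentage points, per failed checkpoint
    "header:strict-transport-security": 10,
    "header:content-security-policy": 10,
    "header:x-content-type-options": 5,
    "header:x-frame-options": 5,
    "cookie:secure": 10,
    "cookie:httponly": 5,
    "cookie:samesite": 5,
}

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def score(headers):
    """Score one HTTPS response given as (name, value) pairs; returns (score, findings)."""
    present = {name.lower() for name, _ in headers}
    findings = []
    for key in WEIGHTS:
        kind, item = key.split(":")
        if kind == "header" and item not in present:
            findings.append((key, "header missing"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = cookie_attrs(value)
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(("cookie:" + flag, cookie))
    # Start from 100 and deduct each failed checkpoint once, however many cookies fail it.
    failed = {key for key, _ in findings}
    return max(0, 100 - sum(WEIGHTS[k] for k in failed)), findings

# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure; SameSite=Lax"),
]

if __name__ == "__main__":
    total, findings = score(SAMPLE)
    print(f"score: {total}%")
    for checkpoint, detail in findings:
        print(f"  -{WEIGHTS[checkpoint]:>2} {checkpoint} ({detail})")
```

Each finding names the failed checkpoint and the header or cookie involved, so the list doubles as a remediation checklist.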