Sample report

Security assessment report
Our report contains a findings summary and a description of each finding, along with impact, probability and risk ratings.

What is it?

Security checks we perform & pricing
Our scanner performs numerous security checks to determine whether your website might be vulnerable. 0% false-positive rate.

Our weaknesses

More information
Find out more about our service, our infrastructure, the people behind it and how we strive to make the most of it.

We are IT security professionals and have performed hundreds of website scans in our day jobs. We have worked with websites possibly very similar to yours, and we have seen how security weaknesses are exploited by hackers more and more often, in the end resulting in reputational and monetary losses. Small and midsize businesses used to put off taking proper security precautions because they thought they were too small to be targeted by hackers. However, small businesses now realize that they are just as vulnerable to worms, spam and other random cyber plagues as large enterprises. In our opinion, your website might be at risk as well.

To help businesses with their security needs, we have created this online service. It is a mix of automated tools and manual testing. As a result, we fully support all modern web technologies, including new video standards, HTML5 and CSS3. Our false-positive ratio is 0%.


Application insecurity

Fig 1. Web application insecurity diagram


The founder of Powerfuzzer ONLINE has over 10 years of experience in Internet and computer systems security. He is an active contributor to and researcher in Open Source projects and the information security arena (tools, modules, exploits, research).

We co-operate and consult with people who helped guide and create internet-security solutions for companies like IBM, Google, Novell, TD Waterhouse and Merrill Lynch.


Currently, our service will scan these areas to identify potential issues:

SQL Injection
Local File Inclusions & Arbitrary File Reading
Remote File Inclusions
Remote Code Injection / Evaluation
XSS (Cross-site Scripting)
OS Level Command Injection
CRLF / HTTP Header Injection / Response Splitting
Flash/Actionscript insecurities
Ajax/Web 2.0 insecurities
Backup Files
Crossdomain.xml Analysis
Robots.txt
Google Sitemap Files
TRACE / TRACK Method Support
ASP.NET Debugging
ASP.NET Trace
Checks for CVS, GIT and SVN Information and Source Code Disclosure Issues
PHPInfo() pages and PHPInfo() disclosure in other pages
Apache Server-Status and Apache Server-Info pages
Hidden Resources
Basic Authentication over HTTP
Password Transmitted over HTTP
Password Form Served over HTTP
Source Code Disclosure
Auto Complete Enabled
E-mail Address Disclosure
Internal IP Disclosure
Cookies are not marked as Secure
Cookies are not marked as HttpOnly
Directory Listing
Stack Trace Disclosure
Version Disclosure
Access Denied Resources
Internal Path Disclosure
Programming Error Messages
Database Error Messages

Our testing methodology covers OWASP, OSSTMM and NIST 800-42 requirements and best practices.



Our security tests are highly accurate. We research and utilize threat and vulnerability intelligence from the Intelligent Exploit Aggregation Network as well as additional sources.

Pricing

Please click the 'Scan now!' button on the scanner submission page to get your price for the scan. Your website will be scanned every 3 months. You can cancel anytime. If you need more frequent scanning, please contact us directly. Payments are processed via PayPal. We have been a PayPal verified business since 2004. If you're not comfortable with PayPal payment, please contact us directly to arrange another payment method. We also offer 30% advance payment plans, with the remainder paid upon project completion.

For a more complete security assessment, we recommend performing a fully manual test and hiring a local or teleworking consultant. Please contact us for more details.

Some additional information about why our service is superior in comparison to others:

Software

  • We leverage state-of-the-art commercial, open source & proprietary tools.

Hardware

  • Quad-core, 64-bit machine (8+ GHz)
  • RAID1 disk storage
  • Gigabit network backbone

Facilities

  • Located in a state-of-the-art, $7 million data center
  • Redundant power, UPS, cooling and fiber
  • Biometric authentication, key card access and video surveillance
  • 24×7 staffed NOC and customer support
  • 24×7 custom monitoring tools with email/SMS timed escalations

 

Privacy & Security

  • No scanning information is stored on our systems
  • No payment or customer details are stored in our system. Payments are processed via PayPal.
  • Experienced security professionals from financial and telecom industries

 

Get in touch!

If you have any questions, feel free to contact us. We will answer your inquiry as soon as possible.


Address: Labedzia 38, Szczecin, Poland
Telephone: +48 91-881-3724
US Customers: (203) 285-6926
E-mail: info@topcodersonline.com

