Detectify is a tool that enables you to scan your website to detect vulnerabilities that could be exploited by hackers. After placing a file at the root of your website or inserting a meta tag to verify your ownership, you’ll be able to start scanning. The tool looks for multiple things:
- Vulnerabilities threatening your sensitive data directly, sorted in an ‘Exploits’ section (example: Cross-Site Scripting)
- Vulnerabilities that can lead to exploits once chained with other bugs, sorted in a ‘Warnings’ section
- Little things that don’t pose a direct threat, but that expose potentially sensitive information about your website that could help a hacker, sorted in a ‘Notices’ section (example: HTTP server version disclosure)
When it’s done scanning (which can take some time, some of my scans lasted for 16 hours), it will display the results in a nice little interface, sorting every problem into one of the three categories mentioned above. It also assigns a priority to each problem found. Clicking on an error gives you more detailed information: a description of the problem, the page where it was found, the data that was sent/received, the line of HTML code that causes trouble and sometimes also how to fix the vulnerability.
The beta was completely free, but now that it’s out of beta, only the first scan is free. Every single scan after that will cost you $99, which is a little expensive for non-professionals. The test version remains very interesting, nevertheless. In fact, if you scan your website once your code is ‘finished’, you should be able to patch most of its vulnerabilities. Let’s not forget such a scan requires significant resources.
Last but not least: I contacted them to ask if it would be possible to get a promo code specially for you guys, and I got it. The code is plpeeters and will grant you 1 credit, which allows you to run one scan. To enter the code, click on a ‘Start scan’ button and then on ‘Add more credits’. The code can be used once per user and 50 times in total. It expires on March 18th, 2013 at 4:54 PM CET and the credit it grants is valid forever (until used, of course).
If you want to take a look at Detectify, head over to its website. This link is my referral link. It gives us both 1 free credit, which is equivalent to 1 scan.