Free Code Risk, Vulnerability Assessment Tools
There is understandably growing concern about the exploitation of plugins and databases worldwide. The number of WordPress plugins on the market has skyrocketed, giving unsavory individuals more opportunities to find ways to exploit your business.
If you feel that your WordPress site may be at risk, take a look at the services below to help you determine whether there are any issues that can be spotted and fixed.
Coderisk is a relatively new plugin risk reporting tool. It provides a risk score from 0 to 100 in an easy-to-understand format.
The service provided by The Breach Level Index tracks publicly disclosed data breaches and offers a risk assessment service. Their Risk Calculator enables you to check your risk score and assess breach level severity.
WPScan is a service that catalogs vulnerabilities in WordPress Core and in WordPress plugins and themes. Developers can integrate their non-commercial software with the site’s database through its API. Free vulnerability alerts by email are available.
Rapid7’s vulnerability database comprises about 70,000 vulnerabilities and links them to relevant groups and additional technical documentation. Their other free tools include Injection Cheat Sheet and SQL Injection Cheat Sheet.
BreachAlarm is a service that scans the Internet for stolen passwords and generates alerts if a password of yours is on the list of credentials compromised in a data breach. Their anonymous service lets you check whether a malicious agent has posted any of your passwords online. Real-time alerting is available.
CVE Details offers a huge list of known security vulnerabilities. You can browse or search vulnerabilities by vendors and products as well as by date or type. The site assigns a severity score to each vulnerability to help visitors identify the ones that need immediate patching.
The NIST National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.