Press release

ImmuniWeb Launches Free Website Security and GDPR Compliance Test

0
Sponsored by Businesswire

ImmuniWeb,
a global provider of web, mobile and API security testing and risk
ratings
, has now added a GDPR compliance check to its website
security test
.

The test was initially designed for SMEs and organizations with nascent application
security testing
 programs. Large organizations with mature DevSecOps
programs can also quickly run hundreds of daily GDPR scans ensuring
essential security and compliance of their external web applications.

The free security test:

  • Verifies PCI
    DSS
     requirements 6.2, 6.5 and 6.6.
  • Verifies GDPR requirements mentioned in Articles 5, 6, 7, 25, 32 and
    35 applicable to websites and web applications.
  • Fingerprints versions of over 100 most popular CMS, web frameworks and
    over 167,000 of their plugins.
  • Runs a comprehensive but non-intrusive vulnerability scan for all
    known vulnerabilities in the fingerprinted software.
  • Checks over 20 HTTP headers related to security, encryption or privacy
    for strong configurations in line with industry best practices,
    including ones from OWASP.
  • Assesses Content Security Policy (CSP) to prevent some XSS and CSRF exploitation
    vectors, as well as variations of ransomware and Cryptojacking attacks.

To test how the largest European websites adhere to GDPR requirements
related to web applications, ImmuniWeb selected the 100 most visited
websites in each of the 28 European member states and ran the following
non-intrusive checks:

  • Missing or hard-to-get privacy policy (51.50% failure)
  • Nonconsensual or insecure usage of cookies handling potentially
    sensitive or tracking data (78.25% failure)
  • Outdated and vulnerable CMS or CMS components (6.75% failure)
  • No HTTPS
    encryption
     or usage of SSLv3 (5.96% failure)

Full results and country breakdown are here.

Ilia Kolochenko, CEO and Founder of ImmuniWeb, comments: “We can see
laudable efforts aimed to improve web application security and adhere to
GDPR requirements amid European companies. To help companies comply with
the intricate requirements of GDPR, most of which are quite far from
being crystal-clear today, we are happy to enhance our community
offering with the new free test. More cool features are coming soon,
please stay tuned.

The GDPR
test
 is now also integrated with ImmuniWeb®
Discovery
 to quickly build a comprehensive inventory of an
organization’s web, mobile and cloud assets, providing ultimate asset
visibility.