ImmuniWeb, a vendor of Web, mobile and API security testing and risk ratings, has added a GDPR compliance check to its Web site security test.
Initially designed for SMEs and businesses with fledgling application security testing programs, the test can also be used by large organisations with mature DevSecOps programs to run hundreds of daily GDPR scans, to ensure the security and compliance of their external Web applications.
The free security test verifies PCI DSS requirements 6.2, 6.5 and 6.6. It also verifies GDPR requirements mentioned in Articles 5, 6, 7, 25, 32 and 35 applicable to Web sites and Web applications.
In addition, it fingerprints the versions of over 100 of the most popular CMSs and Web frameworks, and over 167,000 of their plugins, and runs a comprehensive but non-intrusive vulnerability scan for all known vulnerabilities in the fingerprinted software.
The test checks over 20 HTTP headers related to security, encryption or privacy for strong configurations in line with industry best practices, including ones from OWASP, and assesses content security policy to prevent some cross-site scripting and cross-site request forgery exploitation vectors, as well as several varieties of ransomware and crypto-jacking attacks.
To test how the largest European Web sites adhere to GDPR requirements related to Web applications, ImmuniWeb selected the 100 most visited Web sites in each of the 28 European member states and ran several non-intrusive checks.
It looked for a missing or hard-to-find privacy policy and found a 51% failure rate. For non-consensual or insecure use of cookies carrying potentially sensitive or tracking data, it found a 78% failure rate. Outdated and vulnerable CMSs or CMS components showed a 7% failure rate, and no HTTPS encryption or use of SSLv3 a 6% failure rate.
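As an added illustration of what a header-and-cookie check of the kind described above does (example code, not ImmuniWeb's own), the following Python evaluates two constructed response header sets, one weak and one hardened, for HSTS, CSP, X-Content-Type-Options and cookie attributes; the 180-day HSTS minimum is an assumed threshold, not one stated in the article.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; an assumed threshold, not ImmuniWeb's

# Constructed sample responses as (name, value) pairs: a weak and a hardened set.
WEAK_HEADERS = [
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "_track=xyz; Path=/; Secure"),
]
STRONG_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

def _values(headers, name):
    """All values of a header, matched case-insensitively (Set-Cookie may repeat)."""
    return [v for k, v in headers if k.lower() == name.lower()]

def _csp_sources(policy, directive):
    """Source list for a CSP directive; script-src falls back to default-src."""
    d = {}
    for part in policy.split(";"):
        tokens = part.lower().split()
        if tokens:
            d[tokens[0]] = tokens[1:]
    return d.get(directive, d.get("default-src", []))

def check_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    hsts = _values(headers, "Strict-Transport-Security")
    age = re.search(r"max-age\s*=\s*(\d+)", hsts[0], re.I) if hsts else None
    if age is None or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS missing or max-age too short")
    csp = _values(headers, "Content-Security-Policy")
    if not csp:
        findings.append("Content-Security-Policy missing")
    elif {"'unsafe-inline'", "*"} & set(_csp_sources(csp[0], "script-src")):
        findings.append("CSP permits inline or wildcard scripts")
    if [v.lower() for v in _values(headers, "X-Content-Type-Options")] != ["nosniff"]:
        findings.append("X-Content-Type-Options is not 'nosniff'")
    for cookie in _values(headers, "Set-Cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("Secure", "HttpOnly", "SameSite") if f.lower() not in attrs]
        if missing:
            findings.append(f"cookie '{name}' lacks " + ", ".join(missing))
    return findings
```

Running `check_headers` over a live site's headers would require fetching them first; the sample sets here are embedded so the check runs offline.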
Ilia Kolochenko, CEO and founder of ImmuniWeb, says there have been “laudable efforts” aimed at improving Web application security and adherence to GDPR requirements within European companies.
“To help companies comply with the intricate requirements of GDPR, most of which are far from being crystal-clear today, we are happy to enhance our community offering with the new free test. More cool features are coming soon; please stay tuned.”