We currently provide four utilities for finding vulnerabilities, as well as a scanner that checks PHP code for XSS, SQL injection and other vulnerabilities.
The utilities are:
Find-Date - searches for shells uploaded to the site by an attacker.
Find-Port - checks open ports.
Find-Info - checks folder and file permissions.
Find-Error - bulk-checks files for syntax errors.
Each of the utilities makes a small but important contribution to detecting errors and vulnerabilities. We recommend using all of them, all the more so because they are easy to use and require neither much time nor great knowledge.
When using Find-Date (shell search), pay attention to file creation dates: a shell file's date will be later than the dates of the rest of your site's files. Find-Port shows the open ports on your server and their purpose. If a port is open and its purpose is unclear, you may close it. Excessive file permissions, especially write permissions, can allow malicious code to be written into those files. As noted above, Find-Info is intended for checking file and folder permissions. Find-Error checks for syntax errors that can simply bring down your site.
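
An added example, not the Find-Date or Find-Info code: a Python version of the two checks described above, flagging files dated well after the rest of the site and files or folders that group or others may write to. It assumes the modification time stands in for the creation date (whoever writes a file can also reset that time), a hypothetical 30-day threshold, illustrative function names, and a constructed sample tree.

```python
import os
import stat
import tempfile
from statistics import median

DAY = 86400

def audit_tree(root, slack_days=30):
    """Return (late, writable): files dated well after the bulk of the tree,
    and files or folders that group/others may write to."""
    late, writable, files = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable.append((rel, oct(stat.S_IMODE(st.st_mode))))
            if stat.S_ISREG(st.st_mode):
                files.append((rel, st.st_mtime))
    if files:
        # Baseline is the median date, so a single late upload cannot shift it.
        baseline = median(m for _, m in files)
        late = [rel for rel, m in files if m - baseline > slack_days * DAY]
    return sorted(late), sorted(writable)

def build_sample_site():
    """Constructed sample: three files from one deployment, one later arrival."""
    root = tempfile.mkdtemp(prefix="site-")
    deployed = 1_600_000_000  # constructed timestamp
    layout = {
        "index.php": (0o644, deployed),
        "lib/db.php": (0o644, deployed + DAY),
        "config.php": (0o666, deployed),                    # too permissive
        "uploads/thumb.php": (0o644, deployed + 90 * DAY),  # arrived much later
    }
    for rel, (mode, mtime) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))
    os.chmod(os.path.join(root, "lib"), 0o755)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # world-writable folder
    return root

if __name__ == "__main__":
    late, writable = audit_tree(build_sample_site())
    print("dated after the rest:", late)
    print("writable by group/others:", writable)
```

A late date or a loose permission is a reason to open and review the file, not a verdict on it.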
The basic service provided on our resource is the XSS and SQL injection scanner. The current version is 0.5.3. Outwardly this version does not differ from version 0.5.0, but the core of the scanner has been improved. Compared with other vulnerability scanners, ours is reliable in its results and easy to use. Somebody may say that it does not find everything. That is true; there is no panacea. All scanners miss one vulnerability or another, which is why we recommend using a combination of solutions. Checking a site with our scanner takes a few seconds, not counting the time needed to upload the project, which depends on your internet speed. Tests on various modules and plug-ins for open-source CMSs show that 9 of 10 vulnerabilities found by the scanner are real. This figure is at times better than that of any code scanner existing at the moment, provided, of course, that you use it correctly.
For example, if you are checking a plug-in for a CMS and upload only the plug-in, the result will be incorrect. This bears repeating, although it has been written about many times. The scanner does not simply scan the code from beginning to end, line by line. First it identifies the parameters received and returned by functions, and most of those functions are defined not in the plug-in but in the CMS. Only after that does it analyze all the code. That is why I remind you again that the result is not correct if you upload only a plug-in or a single separate file for checking.
All means are good for security, especially if they are effective and not cumbersome. Those are exactly the tools we provide.