Published on December 20th, 2010 | by NJ Ouchn0
wcanalyzer.com A free security service that audits your web.config settings
30+ Security Checks
High quality and compherensive security checks. You ‘ll be suprised when you see our report. Click for our vulnerability database.
Generates a detailed HTML report with vulnerability descriptions, secure configurations, remediation references.
Completely Automated Process
Our service deals with your web.config file without any human intervention, completely works in automated way, in notime.
Look security issues on tags; compilation, credentials, customErrors, forms, httpCookies, httpRuntime, pages, roleManager, sessionState, trace, trust, user.
wcanalyzer.com is a completely free service without any restriction or commercial plan.
No Collection & Storage
wcanalyzer.com doesn’t collect or hold any information.
List of Issues scanned by wcanalyzer.com
- ASP.NET Debugging Enabled
- Clear-Text Credentials
- Custom Errors Disabled
- Cookieless Authentication Enabled
- Unencrypted Communication with Auth. Cookies
- Non-Unique Authentication Cookie Used
- Sliding Expiration Used
- Liberal Path Defined
- URL Redirection is possible
- Your form tickets are not both encrypted-validated
- Your form tickets are not validated
- Your form tickets are not encrypted
- Web cookies are not HttpOnly
- Web cookies doesn’t require SSL
- Viewstate for CSRF
- No integrity check on ViewState
- ViewState is not encrypted
- ViewState may not be encrypted
- Page Validation is not using
- roleManager cookies doesn’t Require SSL
- roleManager Cookie Sliding Expiration Used
- roleManager cookies are not both encrypted – validated
- roleManager cookie are not validated
- roleManager cookie are not encrypted
- roleManager cookie path is Liberal
- Cookieless Session State Enabled
- Your web application’s trust level is higher than Minimal
- Hardcoded Credentials Used