Tech Solvency / Checks / www.techsolvency.com


Checks: site-checking tools for security, validity, and usability

Given a fully-qualified hostname, this form generates links to multiple site-checking tools. (Some tools prefer bare domains, so we will attempt to extract the domain - or you can specify one. If a tool gives different results for both, both are shown.) Tools in bold are essential. In most tools that provide a score or rating, red warrants short-term attention.

Enter your hostname below to generate custom links to each tool:

  • (or start over)

On larger screens, the table has a 'Description and notes' column.

On smaller screens, the 'Description and notes' column is hidden.

Tool links for hostname: www.techsolvency.com

(and potential links to site itself (not verified): HTTP and HTTPS)

Category Tool Test your host Description and notes
Attack surface Shodan * techsolvency.com Internet-wide IP / service scans. Requires free login for hostname search - definitely worth it.
Attack surface Censys * techsolvency.com Internet-wide IP / service scans. Be sure to check the 'IPv4', 'website', and 'certificates' sections. Eventually requires free login (after a certain number of queries per day).
Attack surface DNS Dumpster (use direct link) DNS and recon data, based on Censys and Rapid7 Internet-wide IP / service scans - but often has unique analysis and discovered hosts.
Attack surface RiskIQ Community Edition * techsolvency.com Wide variety of correlated public data. Be sure to check each tab. Free login required.
Attack surface ZoomEye www.techsolvency.com The Chinese equivalent of Shodan.
Attack surface Onyphe * www.techsolvency.com Internet-wide IP scans and botnet-list status. Requires free login for full search.
Multi Hardenize techsolvency.com, One of the best site security validation suites - includes HTTP TLS, HTTP headers, DNS/DNSSEC, email TLS, email controls (SPF/DKIM/DMARC), and more. Includes very clear explanations and analysis. Once you've assessed your public attack surface, start here.
Multi Internet.nl techsolvency.com Checks security and depth of IPv6, DNSSEC, and TLS
Multi Mozilla Observatory www.techsolvency.com Checks multiple site security parameters, and calls other tools on your behalf (including a few listed here). Be sure to check the 'TLS', 'SSH', and 'Third-Party Tests' tabs.
TLS Qualys SSL Labs Server Test † www.techsolvency.com The most thorough TLS tester - the gold standard. Takes a minute or two to run a fresh scan. To improve your score, consult the SSL Labs documentation, generate an appropriate config, and harden your IIS TLS config. Note that this tool can only check TLS on the default TCP port (443).
TLS crt.sh *.techsolvency.com, www.techsolvency.com Search public Certificate Transparency logs for cert issuance in a domain. If you acquire a public certificate, it will appear here - even if you have obscure DNS entries, etc. Operated by Comodo.
TLS HSTS Preload status , www.techsolvency.com The HSTS Preload list is a hard-coded list of sites that should be HTTPS only, embedded in browsers to eliminate the first HTTP-to-HTTPS redirection window. This tool checks both for the presence of the domain in the Preload list, and also if the domain is set up properly to be eligible for inclusion.
TLS DNS CAA Tester techsolvency.com Use DNS to specificy which registrars are authorized to issue certs for a domain. To create your own, use the SSLMate CAA Record Helper.
TLS CryptCheck www.techsolvency.com Simpler than Qualys SSL Labs, and more strict about cipher strengths, with a clear matrix of strength. A French site.
HTTP headers Security Headers † , www.techsolvency.com Validate security-specific HTTP headers, with tips. Check 'follow redirects' in the tool if neeeded. 'Referrer Policy' and 'Feature Policy' show up as red, but these are emerging standards - fix the others first. To get started on creating your headers, see Scott Helme's CSP cheat sheet. Send reports to a centralized location like Report URI (currently 10K events/month free).
HTTP headers Google CSP Evaluator www.techsolvency.com Evaluate a site's Content Security Policy header. You can also set up a local policy in Chrome prior to test your headers prior to publishing with the CSP Tester Chrome extension.
Email DMARC Inspector techsolvency.com Parse a site's DMARC policy for validity. Also includes an explanation of each element. See also the dmarc.org list of deployment tools.
Email GCA DMARC Guide techsolvency.com Simple cross-check for SPF, DKIM, and DMARC. See links on site for guidance and starting points. Use p=none DMARC mode to collect reports prior to moving to one of the enforcement modes.
Email MTA-STS validator (use direct link) DNS-based publication of Strict Transport Security policy for email. New standard (now RFC8461).
DNS IntoDNS DNS validator techsolvency.com General DNS validation - good coverage.
DNS DNSSEC Debugger (Verisign Labs) www.techsolvency.com Thorough validation of DNSSEC for a given host/domain.
DNS MXToolbox DNS SuperTool techsolvency.com Similar to IntoDNS, with some different checks.
SSH Rebex SSH Check www.techsolvency.com Health check of SSH key exchange, algorithms, MACs, compression, and key size. Duplicates the Mozilla Observatory SSH tests. Rebex is a Czech company.
Website Google Mobile-Friendly Test * www.techsolvency.com Validate usability on smaller screens. Google is moving to a "mobile first" indexing strategy, so make sure your site is usable on mobile. The major browsers' built-in web development tools now also include simulated mobile modes. Requires solving a CAPTCHA.
Website W3C CSS (CSS2) www.techsolvency.com Check CSS2 syntax - CSS2 (base page only).
Website W3C CSS (CSS3) www.techsolvency.com Check CSS3 syntax - CSS3 (base page only).
Website W3C HTML5 www.techsolvency.com Check HTML5 syntax - HTML5 (base page only).
Website W3C i18n www.techsolvency.com Check internationalization / UTF-8 (base page only).
Website WAVE www.techsolvency.com Accessibility checks (screen readers, color contrast, etc.).

* Requires an additional step (login or CAPTCHA) - either immediately, or after N queries, or to get additional functionality.
† Publishes a "recent best/worst" dashboard (but the links provided here automatically specify exclusion from them).

References

Disclaimers


Back to Tech Solvency.