'Probely' review that scans your website for vulnerabilities for free, paid plans can also output reports



For those who run their own websites, website security is a concern, including vulnerabilities in

CMS that can lead to virus intrusion. With ' Probely ', you can scan your website for vulnerabilities and security issues and even tell you how to fix it.

Web Vulnerability Scanner | Web Application Security Testing — Probely
https://probely.com/web-vulnerability-scanner/



Probely has four plans: 'Free', 'Starter', 'Pro' and 'Premium'. I want to see how much it can be used in the free version, so I decided to select 'Free' for the time being.



Enter your name and email address and click 'SUBMIT'.



You will receive an email asking you to set a password to the email address you entered. Click “Set Password” to set.



Enter the password and click 'SET NEW PASSWORD'.



Enter your email address and password and click 'SIGN IN'.



The screen for setting the website to be scanned is displayed. Only 'FREE TARGET' can be used with the 'Free' plan. After selecting, click 'CONTINUE'.



Enter the website name and URL and click 'CONTINUE'.



Move to the screen for settings related to scanning, such as custom headers, custom cookies, and BASIC authentication. This time, click “CONTINUE” with the same settings.



A confirmation screen for the settings will be displayed. Click 'CONFIRM' after confirming the settings.



Go to the scan screen. Click 'SCAN NOW' to scan immediately...



The scan has started.



The scan ended in an instant, probably because the test website prepared for scanning was lightweight. Click 'VIEW' to check the details.



The problem was displayed item by item.



Although there were no serious vulnerabilities, it was said that eight 'LOW' level security problems and vulnerabilities represented by blue were found.



Try clicking the 'Browser content sniffing allowed' item.



Details about the problem are displayed. There is an explanation that 'Browser content sniffing allowed' allows a browser that browses a website to infer the Content-Type not only by referring to the '

Content-Type ' of the HTML header but also by referring to the content content, which is a cross. It will lead to a site scripting attack.



When I scrolled the screen down, the correction method was described. If you are using

Apache as a web server, you should add the description in the red frame to the virtual host settings.




Looking at the 'EVIDENCE' tab, he also showed us the rationale for determining that there was a problem. It is shown that the reason for judging that there is a problem is that there is no 'X-Content-Type-Options' item in the HTML header.



The REQUEST tab allows you to view the HTTP request used to scan the item.



If you check the 'RESPONSE' tab, you can see the response to the HTTP request.



I fixed the problem on the web server right away, so I decided to scan again. Click 'CHOOSE' on the problem item screen.



'Re-test' to re-execute the scan for each item, 'Invalid' to report that the result is incorrect, 'Accept risk' to accept the risk, and select the member to deal with if the team is operating Probely. Assign” can be performed. This time, execute 'Re-test'.



'Browser content sniffing allowed' changed from 'NOT FIXED' to 'FIXED', confirming that the problem was properly fixed.



If you click 'DASHBOARD' on the left side, the scan results will be displayed in a graph.



You can also schedule a scan by specifying the date and time. Click 'SCAN' on the left to go to the scan screen and click 'SCHEDULE SCAN'.



After setting the start date and time and frequency, click 'SAVE'.



The scan has been scheduled for execution.



Actually, the website used for this scan was loaded with malware, but Probely's “Free” plan could not detect the malware. Only 'Lightning scans' can be done with the 'Free' plan, but detailed 'Full Scans' are possible with the 'Pro' plan, so try using the 'Pro' plan that can perform more detailed scans Especially.

The 'Pro' plan has a 14-day trial period, so you can use it initially for free. Go to your account screen to change your plan.



Click 'START TRIAL'.



I will use the website I set up as it is, so click the red frame part.


This time, since it is a 'Pro' plan, you can use the 'SINGLE ENVIRONMENT' setting that allows detailed scanning. After selecting, click 'CONTINUE'.



The setting after this is basically the same as that of the 'Free' plan, but it is now possible to set authentication other than BASIC authentication in the detailed scan settings.



It is also possible to set the host for AJAX.



Also, in the 'Pro' plan, a screen to confirm that it is the owner of the website was displayed, probably because it performs a more detailed scan. You can either place a file with a specific filename and content at the indicated location on your web server, or use a DNS record to authenticate.



This time, the method of arranging files is adopted. The file name, contents of the file, and the path of the web server where the file will be placed are displayed in the red frame, so place the file on the web server as instructed and click 'VERIFY'.



The website has been successfully authenticated. Click 'CONTINUE' to proceed.



Click 'CONFIRM'.



The home screen is displayed. There is no change in the operation feeling of the screen when using the 'Free' plan.



However, when I ran 'SCAN NOW' and started the scan, I found that the scan was clearly taking longer than when I was on the 'Free' plan, and was scanning more items.



The scan is completed after waiting about 15 minutes.



In the scan of the 'Free' plan, eight blue 'LOW' level problems were detected, while in the 'Pro' plan there were 18 'LOW' level problems, and in addition to the yellow 'MEDIUM' problem. One level problem was detected. It turns out that the number of problems that can be detected is still higher in the 'Pro' plan.



In addition, the 'Pro' plan can display the scan result report in PDF. Clicking 'Download PDF' on the detailed scan result screen...



The report is displayed in PDF.



With the 'Pro' plan, you can also manage the paths of websites you want to scan on the setting screen with a white list or black list, and you can also manage with a profile of scan settings.



However, malware that could not be detected by the 'Free' plan cannot be detected by the 'Pro' plan. Since it is a service that scans websites for vulnerabilities in the first place, it was found to be unsuitable for the purpose of checking if malware has been installed on one's website.

As for the pricing of Probely, 'Free' is free, 'Starter' is 49 euros (about 5770 yen) per month, 'Pro' is 89 euros (about 10,000 yen), 'Premium' is 399 euros (about 47,000 yen) (Yen), and you can check the differences between the plans from the following.

Pricing — Probely
https://probely.com/pricing/

in Web Service, Posted by darkhorse_log