For Magento, being one of the leading eCommerce platforms means constant flow of attention from entrepreneurs, developers and customers along with fraudsters, hackers and copy cats. Plenty of criminals are looking to target vulnerable stores in the eCommerce scope. Bad news is that it is hardly possible to predict when and how the attack will take place.

These could be a fraud with unwarranted chargebacks, utilizing fraudulent payment techniques.

Or a hacking attack that leads to crashing down your store or extorting money. Hackers can also hunt on that sensitive customer data on your web store.
Or copycats, who can steal your unique content and/or replicate your store and sell fake products under your company’s brand.

How do you check malware on a website? How can you have a peace of mind and be sure that your Magento shop doesn’t expose to any security risk? Are there any tools to check Magento websites?

Just like with any disease it’s easier to prevent than to cure. The best prevention is automated security scanning like WatchDogs.

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before the real hackers come on stagedo. They check website for over 500 vulnerabilities, including OWASP Top 10.

OWASP Top 10:

1. Injection
2. Broken Authentication and Session Management
3. Cross-site Scripting
4. Insecure Direct Object Reference
5. Security misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-site Request Forgery
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards

Detectify has integrations with Slack, Hipchat, API, PagerDuty, Trello, Zapier, JIRA.

Detectify works great for developer teams. You can add members and share results, test for different devices and user agents, with customized cookies and different levels of aggressiveness.

The Detectify team is struggling to bring you the most up-to-date security service so that you regularly share the newly added security tests.

Pricing: 

Starts from $48 per scan profile, per month, billed annually

Trial version: 

14 days

Acunetix is the leading web vulnerability scanner used by serious fortune 500 companies and widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology. Available on premise and online.

Acunetix provide website security with monitoring:

• Cross-site Scripting
• SQL Injection
• Reflected XSS
• CSRF Attacks
• Directory Traversal

Pricing:

Starts from $ 345 per website + 3 FREE Network Targets

Trial version:

14 days

If you need to find all vulnerabilities in Magento it’s better to ask Magento gurus. Some of them took part in MageReport.com development. This great free tool checks your Magento shop for all known vulnerabilities in Magento and even some commonly used 3rd party extensions in a minute. More than 8M shops have been scanned so far with MageReport.com.
With this handy tool you’ll learn about:

• Installed and uninstalled security patches
• EM_Ajaxproducts RCE vulnerability
• Cart2Quote RCE vulnerability
• Visbot malware
• Unprotected Magmi
• Unprotected development files
• Brute force attacks
• Unmaintained server
• SSL protection status
• Webforms vulnerability, etc.

And  most importantly they provide detailed recommendations on  how to fix the detected issues.

Also, it works as a tool to check Magento version.

Pricing:

FREE

External Scan test that provides a high-level report of the following checks.

Foregenix detects:

• Malware Detection
• Unprotected CardHolder Data
• Attacker File Changes
• Webshells/Backdoors
• Website Plugin Verification

It checks: Magento shoplift, Magmi, Outdated version, Unprotected version control ,Cloud, Harvester malware, Credit card hijack, XSS/RSS attack, Secrets leak, Admin takeover/disclosure.
And provides PCI Compliance Security Monitoring + Automated/Customisable Detection & Alerting.

Pricing:

Custom approach

Trial version:

You can check website health for free, but there isn’t any trial or free monitoring option.

It specializes in removing website malware, blacklists, phishing, infections, defacements, SEO spam, and other infections from infected websites.

SUCURI features:

• Web Application Firewall
• Intrusion Detection System
• Intrusion Prevention System
• Managed Audit Logs / Security
• Layer 7 DDoS Protection
• HTTP Flood Protection
• Brute Force Protection
• Virtual Patching and Hardening
• SQL, XSS and code injection prevention
• One-click 2FA, Captcha and Password Protection on any page
• External CDN Support
• SSL Certificate Support
• HTTP/2 Support
• HTTPS DDoS Protection
• Advanced DDoS Protection (Layer 3 and 4)
• High Availability / Redundancy
• Load Balancing

Pricing:

Starts from $16.66 per website, per month

Trial version:

Doesn’t have free or trial version

But what if you need non-stop security and performance monitoring of your Magento store,  top-notch Magento developers team that will act on hack attacks immediately remove injected malware code and fix web store’s functional issues? “A piece of cake” – WatchDogs would say. Subscribe and check right now;)