I am looking for a programmer with extensive experience in website security to build a remote website scanner that will check for security vulnerabilities.
The way it will work is that there will be a form on a web page where a user can enter their website URL and click 'Scan'. The system will then scan their website for a list of potential security vulnerabilities. After the scan, it will show them which of the items their site passed and which it failed.
We would like the scanner to be able to do thorough checks on as many different types of websites as possible.
This scanner is to be used by non-technical, normal website owners, not technical admins, so we can include scans for very simple and basic things.
To give you an idea of what we are thinking, here are some of the basic checks that we thought it could scan for:
- WordPress version number
- Sensitive information in the header
- Blacklist status
- Malware check
- Spam check
- Cross-site scripting
- SQL injection
- PHP version
- Directory indexing
- TimThumb files
The scan will only show the results for the things it finds vulnerable on their site.
We are looking for someone who has extensive experience with website security and can build a scanner like this.
If you are interested in this job, could you please include in your bid a list of the things you think we could scan for and a rough estimate of the time it would take to build each item into the scanner.
You can work from the list above, remove any items that are not possible to scan for or that you think are not necessary, and add other things that we could scan for.
The more things you can think of for us to scan for, the better, but obviously only include things that you know you could build into the scanner.
Example of scanner:
[url removed, login to view]