I downloaded their free website scanner. I installed it and entered my url. What the software does is to try to hack your website. It’s like penetration testing. The exercise lasted nearly an hour and I washed as the software was unleashing these attacks:
SQL Injection (Blind)
Local File Inclusion
Remote File Inclusion
HTTP Header Injection
Remote Code Evaluation
Web App Fingerprint
RoR Code Execution
on the website. I actually received about 300 junk emails from the software during the exercise. And I found out that the html5 ‘require’ was actually bypassed in some cases because I actually received an empty messages which shouldn’t have gone through ordinarily. After, the exercise, the website remained intact.
I guess the reason is because the form data actually will be sent to a gmail account and not to a database. I think gmail actually prevented the software from hacking the website.
Well, I am becoming more concerned now about web security. I will really like to learn how to tighten up websites and databases from malicious attackers.