Automated Security Analyser for ASP.NET Websites

About ASafaWeb

Welcome to ASafaWeb, the Automated Security Analyser for ASP.NET Websites. The purpose of ASafaWeb is to make scanning for common configuration vulnerabilities in live ASP.NET websites dead easy. To that effect, you don't need anything more than a URL to get started and ASafaWeb will head off and report on anything it can find which is remotely detectable.

How does it scan websites?

ASafaWeb simply makes HTTP requests to the site and looks for responses which suggest there might be configuration issues. It doesn't attempt to do anything invasive and the full list of scans and the requests they make are outlined in the Scan overview page.

What about privacy?

ASafaWeb absolutely, positively does not store any identifying info about the sites people ask it to scan. There's some basic de-identified logging just for analytics purposes (duration of scan, whether they pass or fail, server version from the headers, etc.), but that's it.

What's in the box?

ASafaWeb is built from some of the best bits Microsoft and friends have to offer:

And all wrapped up with a liberal sprinkling of NuGet packages and presented with some selective elements from HTML 5. All the code samples appear using the Son of Obsidian Visual Studio colour scheme. As well as being the top rated scheme over on Studio Styles, it plays nicely with the dark tones of this site.

Who's behind this?

Me — Troy Hunt of and @troyhunt, Microsoft MVP for Developer Security. The evolution of ASafaWeb has been captured on my blog under the ASafaWeb tag.