Security categories

Browse security checks by topic.

Every check Barrion runs, grouped by what it's protecting. Pick a topic, run the tool free, get the fix. Default scans are production-safe and never touch state-changing routes.

FAQ

Security categories, answered.

What's the difference between /tools and /security-categories?
The /tools page is a flat catalog of every check Barrion runs. /security-categories groups those same checks by topic, so you can find them by what you're trying to protect. TLS, headers, CSP, cookies, CORS, DNS, email auth, network exposure, application vulnerabilities, and compliance overlays. Both reach the same underlying scanners.
Do I need to run every category?
No. Most teams start with the Complete Security Scan, which sweeps all categories at once and ranks the findings by severity. From there you'll know which categories have gaps worth fixing. The category pages exist for cases where you already know what you're auditing, for example a CSP rollout, a new TLS certificate, or an upcoming SPF/DKIM/DMARC change.
Are the checks safe to run against a production site?
Yes. Every default scan is read-only and production-safe. We don't submit forms, hit state-changing routes, or generate meaningful load. The same engine runs on the free tier and on the paid plans, so you can validate it against your own production app before signing up.
How do these categories map to compliance frameworks?
TLS, headers, and DNS controls map to PCI DSS, SOC 2 Common Criteria, ISO 27001 Annex A, and NIS2 technical measures. The Security Audit and Compliance Checker tools assemble category findings into framework-shaped reports you can hand to an auditor or share in a customer security review.
Where do the underlying checks come from?
Barrion runs a Barrion-built scanner stack on top of open-source tooling we credit openly. The scoring, deduplication against scan history, remediation copy, PDF exports, and continuous monitoring are the parts we operate around them. If you'd rather wire those engines together yourself, you can. If not, that's exactly what Barrion is for.

One scan covers every category.

Run the Complete Security Scan once. It exercises every category and ranks the findings by severity. Free, no signup needed to see the score.