Online Security Scanner

User Guide

Introduction

  1. Welcome to Online Security Scanner by Infopulse! These professional automated services are designed for protection of your websites. This Guide will help you to use our services in the best possible way, even if you are not a cyber security specialist.
  2. First, if you have not read the Frequently Asked Questions page, we suggest you to do that, because it contains some important initial information about information security assessment and information security vulnerabilities, also known as technical vulnerabilities. Then you can look through the Wikipedia page about the computer vulnerabilities. This knowledge will help you to use our services optimally, however they are designed also for beginners.
  3. Website security vulnerabilities is a kind of computer vulnerabilities, which can be present in the source code or configuration of your web pages, web server, web applications, databases, database engines, backend application, etc. Your website can have security vulnerabilities, even if nobody knows about that yet. It is always better when the provider of your website components or the security researchers find the vulnerabilities before the hackers (Darknet, black market, etc.) do. However, sooner or later, any vulnerability becomes known to the security researchers, – before or after the hackers exploit this vulnerability for their attacks. The security researchers update special vulnerability databases, knowledge bases, security scanners and scanning engines as soon as possible, to help us uncover whether your websites are vulnerable or not.
  4. Our Online Security Scanner is using several vulnerability databases and scanning engines to help better detect various website vulnerabilities. Some of the engines: Nikto, SSLscan, DNS Bruteforcer, DNS Zone Transfer analyzer, DNS Harvester, Robots.txt Analyzer, Bruteforce predictables discovery, Sqlmap, Wpscan, Joomscan, OWASP ZAP (Zed Attack Proxy, zaproxy). You do not have to install these engines on your computer, configure, schedule or run them manually. We do this for you. Moreover, we can continuously monitor the security of your website and notify you, when its vulnerabilities increase or decrease. Now let us see how to use these services.

How to use the Online Security Scanner

  1. Online Security Scanner provides a free on-demand automatic analysis of your website.
  2. In short, just go to the Scanner Home, 1) select QUICK SCAN or NORMAL SCAN, 2) paste your website URL (address), type your name, email, 3) click the checkbox that you agree with the Terms of use and the Privacy Policy, 4) check the ‘I'm not a robot’ (CAPTCHA) checkbox, 5) click ‘Start scanning’ button and follow the instructions.
  3. What is the difference between QUICK SCAN and NORMAL SCAN? Quick Scan takes only 5 minutes, does not need an email confirmation, but gives very limited and unreliable results. Normal Scan requires that you read an activation email notification and click the activation link in it. The Normal Scan can take several hours, but gives more results, including a convenient report.
  4. Why do you need to notify your website hosting service provider about the vulnerability scanning? Sometimes the providers block vulnerability scanning attempts. Of course, it is good for you, because the provider probably will block the hacker's attempts as well. However, what if hackers will use more sophisticated methods to circumvent the provider's security controls? Never rely on a single security layer! Your website should be secure itself, independently from any provider.

    Thus, we recommend to make an exclusion for our scanner in the provider security controls like WAF or IPS, to get more objective information about the security of your website itself, and not the security of your hosting provider.

    Another consideration of notifying the provider about the vulnerability scanning is that sometimes (very rarely) they may consider the scanning a real attack and complain. According to our Terms of use, the users and not we take responsibility for the vulnerability scanning. Therefore, if we get any complaints, we will have to redirect them to the user who started the scanning.
  5. Since we send many activation emails, reports and notifications to the user mailboxes, sometimes these emails fall into the Spamboxes. You should always check your Spambox for our messages not to miss them. You can use the ‘Not Spam’ or similar button of your email client to prevent further false spam filtering.
  6. What if you receive our Scanning Report stating that your website is potentially VULNERABLE? Well, don't panic! Not every vulnerability is exploitable and dangerous. You should show the report to your information security analyst, or at least to your technical support to verify and evaluate the vulnerabilities. It is very common for any vulnerability scanners to give false positives. We always insist that any scanning results should be verified manually, and we can help you with pleasure.
  7. What if the Report states that your website is potentially PROTECTED? Well, do not relax! There is no omniscient vulnerability scanner, and never will be. However, our scanning engines are constantly learning. Try to scan later, and you may get different results. Tired to start scanning manually? Then you need our Vulnerability Monitoring Service.

Start Security Scanning of your Website.