10 tips for best usage of a Cloud Web Vulnerability Scanner
Web vulnerability scanning is a procedure used to evaluate computers, networks and web applications for flaws in their web-facing defenses.
Web vulnerability scanning is one of the most important fields of security nowadays, as most (if not all) threats are transported and delivered through the web.
Here are the top ten tips for being less web-vulnerable:
1. Scan your systems daily
It is recommended to scan your public IPs on a daily basis.
2. Fix Found Vulnerabilities
When severe vulnerabilities are discovered, such as those rated high risk, it is recommended to take action right away.
Often vulnerabilities are left unpatched for a long time and then get exploited by blackhat attackers.
3. 80% of vulnerabilities can be fixed right away
Most critical vulnerabilities can be fixed in a matter of minutes, for example by changing a firewall rule or installing a patch.
Be proactive and fix all the low-hanging fruit right away: anything that can be done in a short period of time, even a matter of minutes.
4. Do not ignore vulnerabilities
Sometimes more complex vulnerabilities are ignored by system administrators who are too busy with other tasks to take action.
If it is not possible to fix a vulnerability right away, it is recommended to get another team member to do it or to notify the manager about it.
5. Rescan after patching
After installing patches or making configuration changes, it is recommended to rescan everything to make sure the patches or the reconfiguration worked.
For example, the administrator might think a firewall rule is active but have forgotten to activate it.
By rescanning, these mistakes are easily found.
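One way to check a rescan against the earlier scan, as an added example that is not from the original article or from any scanner product. The record fields, check names and sample results are constructed for illustration; a real scanner's export would need to be mapped onto them.

```python
"""Compare a pre-patch scan with a post-patch rescan (constructed data)."""
from typing import NamedTuple

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


class Finding(NamedTuple):
    host: str       # scanned IP address
    port: int       # affected service port
    check: str      # name of the issue (hypothetical labels, not a real scanner's)
    severity: str   # "high", "medium" or "low"


def finding_key(f):
    # Identity ignores severity so a re-rated issue still matches its old record.
    return (f.host, f.port, f.check)


def by_risk(f):
    # Highest risk first, then stable ordering by host and port.
    return (SEVERITY_ORDER.get(f.severity, 99), f.host, f.port)


def compare_scans(before, after):
    """Return findings that were fixed, that persist, and that are new."""
    old = {finding_key(f): f for f in before}
    new = {finding_key(f): f for f in after}
    return {
        "fixed": sorted((old[k] for k in old.keys() - new.keys()), key=by_risk),
        "persisting": sorted((new[k] for k in old.keys() & new.keys()), key=by_risk),
        "new": sorted((new[k] for k in new.keys() - old.keys()), key=by_risk),
    }


# Constructed sample results; 192.0.2.0/24 is a documentation address range.
BEFORE = [
    Finding("192.0.2.10", 23, "telnet-exposed", "high"),
    Finding("192.0.2.10", 443, "outdated-web-server", "medium"),
    Finding("192.0.2.20", 3306, "database-port-public", "high"),
]
AFTER = [
    # The firewall rule for telnet was written but never activated.
    Finding("192.0.2.10", 23, "telnet-exposed", "high"),
    Finding("192.0.2.20", 8080, "admin-console-exposed", "low"),
]

if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER)
    for status in ("persisting", "new", "fixed"):
        for f in result[status]:
            print(f"{status:<10} {f.severity:<6} {f.host}:{f.port} {f.check}")
```

Anything listed as persisting is a fix that did not take effect, and anything listed as new may have been introduced by the change itself.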
6. Always update your Cloud Scanning software installation
Make sure that the cloud scanning software you are using has the latest vulnerability checks and is updated on a daily basis.
7. Set up automated scheduling with notifications
Often administrators are busy with many tasks.
It is recommended to set up automated scheduled scanning, with scans that run daily, multiple times, or weekly.
Furthermore, set up notifications so it is easy for the administrator to get an overview of the risk level of found vulnerabilities.
8. Get rid of outdated systems
Sometimes the customer has old, deprecated systems that will never receive any new security patches.
It is recommended to get rid of systems that are not being maintained and are a potential disaster waiting to happen.
9. Do not forget DoS attacks
It can also be recommended to launch DoS attacks against your systems to see whether an attacker could easily take a system down.
This can help find out whether an e-commerce site could easily be shut down during peak shopping hours, for example during holiday shopping.
DoS attacks can be carried out in off-peak hours, such as Saturday night.
10. Do not forget about local scanning
Scanning the perimeter and public IP addresses is a good way to cover remote attacks, but it is also recommended to deploy software for internal scanning.
This way you can discover local vulnerabilities that might be subject to local attacks.