10 tips for best usage of a Cloud Web Vulnerability Scanner

Web vulnerability scanning is a procedure used to evaluate computers, networks and web applications for flaws in their defenses regarding web connections.

Web vulnerability scanning is one of the most important fields of security nowadays, as most (if not all) threats are transported and delivered through the web.

Here are the top ten tips for being less web-vulnerable:

1. Scan your systems daily

It is recommended to scan your public IPs on a daily basis.
 

2. Fix Found Vulnerabilities

When severe vulnerabilities, such as high-risk ones, are discovered, it is recommended to take action right away.
Vulnerabilities are often left unpatched for a long time and then get exploited by blackhat attackers.
 

3. 80% of vulnerabilities can be fixed right away

Most critical vulnerabilities are easy to fix in a matter of minutes, for example by changing a firewall rule or installing a patch.
Be proactive and fix all the low-hanging fruit right away: anything that can be done in a short period of time, even a matter of minutes.
 

4. Do not ignore vulnerabilities

Sometimes more complex vulnerabilities are ignored by system administrators who are too busy with other tasks to take action.
If it is not possible to fix a vulnerability right away, it is recommended to get another team member to do it or to notify the manager about it.
 
 

5. After patching rescan

After installing patches or making configuration changes, it is recommended to rescan everything to make sure the patches or reconfiguration worked.
For example, the administrator might think a firewall rule is active but forgot to activate it.
By rescanning, these mistakes are easily found.

 

6. Always update your Cloud Scanning software installation

Make sure that the cloud scanning software you are using has the latest vulnerability checks and is updated on a daily basis.

 

7. Set up automated scheduling with notifications

Administrators are often busy with many tasks.
It is recommended to set up automated scheduled scanning, with scans run daily, multiple times, or weekly.
Furthermore, set up notifications so it is easy for the administrator to get an overview of the risk level of found vulnerabilities.
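
The rescan check from tip 5 and the risk-level notification from tip 7 can be combined in one step. The following is an added example, not part of the original article or of any scanner product: the finding format, field names and sample data are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data in a hypothetical export format (not a real scanner's).
BEFORE = [
    {"host": "203.0.113.10", "port": 23, "check": "telnet-exposed", "risk": "high"},
    {"host": "203.0.113.10", "port": 443, "check": "tls-weak-cipher", "risk": "medium"},
    {"host": "203.0.113.20", "port": 3306, "check": "mysql-exposed", "risk": "high"},
]
AFTER = [
    # The firewall rule for 3306 was written but never activated, so it persists.
    {"host": "203.0.113.20", "port": 3306, "check": "mysql-exposed", "risk": "high"},
    {"host": "203.0.113.10", "port": 8080, "check": "admin-panel-exposed", "risk": "low"},
]
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}

def finding_key(f):
    # A finding is the same issue if host, port and check all match.
    return (f["host"], f["port"], f["check"])

def by_risk(findings):
    return sorted(findings, key=lambda f: (RISK_ORDER[f["risk"]], finding_key(f)))

def compare_scans(before, after):
    """Split findings into fixed, still open after patching, and newly seen."""
    b = {finding_key(f): f for f in before}
    a = {finding_key(f): f for f in after}
    return {
        "fixed": by_risk(b[k] for k in b.keys() - a.keys()),
        "still_open": by_risk(a[k] for k in b.keys() & a.keys()),
        "new": by_risk(a[k] for k in a.keys() - b.keys()),
    }

def notification(diff):
    """Build a short message body giving the risk overview of open findings."""
    open_now = diff["still_open"] + diff["new"]
    counts = Counter(f["risk"] for f in open_now)
    lines = ["Open findings: " + ", ".join(f"{counts.get(r, 0)} {r}" for r in RISK_ORDER)]
    for label, group in (("NOT FIXED", diff["still_open"]), ("NEW", diff["new"])):
        for f in group:
            lines.append(f"{label} [{f['risk']}] {f['host']}:{f['port']} {f['check']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(notification(compare_scans(BEFORE, AFTER)))
```

Findings listed as NOT FIXED are the ones where a patch or rule change did not take effect and need a second look.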

 

8. Get rid of outdated systems

Sometimes the customer has old, deprecated systems that will never receive any new security patches.
It is recommended to get rid of systems that are not being maintained and are a potential disaster waiting to happen.

 

9. Do not forget DoS attacks

It can also be recommended to launch DoS attacks against systems to see whether an attacker can easily take a system down.
This can help find out whether an e-commerce site can easily be shut down during peak shopping hours, for example during holiday shopping.
DoS attacks can be carried out in low-peak hours such as Saturday night.

 

10. Do not forget about local scanning

Scanning the perimeter and public IP addresses is good for covering remote attacks, but it is also recommended to deploy software for internal scanning.
This way you can discover local vulnerabilities that might be subject to local attacks.