From a security perspective it can be extremely useful to run regular vulnerability scans, as they give you insight into the issues flagged on your site. The scan itself only provides the raw findings; it is then essential to interpret and action these suggestions to secure your site.
Once your scan has run you can download it as either an HTML or a CSV file. Vulnerabilities are separated into five different categories:
- Info (None)
You will see the vulnerability report in your RapidSpike account with vulnerabilities displayed from Critical to Low. If you are unsure about a vulnerability displayed you can investigate further by clicking the ‘view’ button, which takes you to an information page with a brief synopsis and some assistance towards a solution.
As an example, here is a Medium severity warning for ‘CGI Generic Path Traversal (write test)’. This page includes an explanation of the vulnerability, a Proof of Concept, remediation steps and general information. If you are not familiar with vulnerability scans, we also include a CVSS number which scores the vulnerability from 0 – 10 for easy prioritisation and categorisation into its severity tag.
You may notice that some vulnerabilities flagged disappear in following scans even though they haven’t been investigated or actioned. A good example of this is domain expiry date and SSL renewal, which for many companies are on automatic renewal. This is something to be aware of: although such an item is classed as a vulnerability, there may already be measures in place to stop it becoming an issue.
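One practical way to act on the CSV export mentioned above, and to catch findings that vanish between scans without anyone having actioned them, is to diff two consecutive exports and order what remains by CVSS score. The script below is an added example written for this article; it is not RapidSpike code, and the CSV column names (name, severity, cvss, url) and the two sample exports are constructed assumptions rather than the real export layout.

```python
import csv
import io

# Constructed sample exports shaped like a scanner CSV. The column names
# (name, severity, cvss, url) are an assumption for this example, not the
# actual RapidSpike export layout.
PREVIOUS_SCAN = """name,severity,cvss,url
CGI Generic Path Traversal (write test),Medium,5.3,https://example.com/cgi-bin/search
SSL Certificate Expiry,Low,2.1,https://example.com/
Domain Expiry Date,Info,0.0,example.com
"""

CURRENT_SCAN = """name,severity,cvss,url
CGI Generic Path Traversal (write test),Medium,5.3,https://example.com/cgi-bin/search
Web Server Banner Disclosure,Low,2.6,https://example.com/
"""


def parse_scan(csv_text):
    """Parse one CSV export into a dict keyed by (finding name, affected URL)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["cvss"] = float(row["cvss"])
        findings[(row["name"], row["url"])] = row
    return findings


def diff_scans(previous_csv, current_csv):
    """Classify findings as new, persisting or disappeared between two scans.

    'disappeared' is the set to double-check: a finding may vanish because
    it was fixed, or because an automatic renewal (certificate, domain)
    kicked in, not because anyone investigated it.
    """
    prev = parse_scan(previous_csv)
    curr = parse_scan(current_csv)
    return {
        "new": [curr[k] for k in curr.keys() - prev.keys()],
        "persisting": [curr[k] for k in curr.keys() & prev.keys()],
        "disappeared": [prev[k] for k in prev.keys() - curr.keys()],
    }


def prioritise(findings):
    """Order findings highest CVSS score first so the worst are reviewed first."""
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)


def triage_report(previous_csv, current_csv):
    """Build a triage summary: what to action now and what vanished unreviewed."""
    delta = diff_scans(previous_csv, current_csv)
    return {
        "action_now": [f["name"] for f in prioritise(delta["new"] + delta["persisting"])],
        "verify_disappeared": [f["name"] for f in prioritise(delta["disappeared"])],
    }


if __name__ == "__main__":
    for section, names in triage_report(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(section)
        for name in names:
            print("  -", name)
```

Keying on (name, url) rather than name alone keeps the same check on two different pages as two separate findings, and sorting by the numeric CVSS score avoids hard-coding the severity tag order, so the same script works whether the export labels a finding Medium or 5.3.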
If you are unsure of any vulnerabilities we recommend speaking to the relevant team in your company or potentially contacting a third-party organisation to look further into the issues raised.