Scanner performs the following tasks:
- Network perimeter scanning.
- Search for typical vulnerabilities and security issues.
- Active threat verification.
- Updating the status of previously detected vulnerabilities.
Perimeter is the cornerstone of building your security process.
As your project grows bigger the number of resources on the company perimeter increases and resource control decreases.
The resources may be located not only in the company's data centers, but also on shared hostings – for example, your marketeers will create new landing pages and start new campaigns. These resources are placed on subdomains of the main project and can jeopardize the project's security.
Hackers always choose the least protected resources on the company's perimeter and attempt to compromise these resources first.
Wallarm integrates all the perimeter discovery mechanisms used by white hat hackers when assessing a company's security and running penetration tests.
The perimeter discovery does not end at the domain and IP address mapping, but also discovers the network resources that can be accessed from the Internet. To do this, Wallarm first scans ports and then detects the network resources on these ports.
This results in a map of the company's resources that is of the same quality as the one done by white hat hackers when doing penetration testing.
The scanner checks typical vulnerabilities for all IP addresses and domains within the perimeter.
The vulnerability scanner will automatically reproduce each attack from the traffic. This mechanism allows the detection of vulnerabilities that could have been exploited during the attack.
For safety reasons, when reproducing attacks from requests, the authentication data (cookies, basic-auth, viewstate) is deleted. A correct operation of this functionality may require additional configuration from the application side.
The scanner regularly checks the status of vulnerabilities and automatically marks them as fixed or, on the contrary, reopens the newly reproduced ones.
Current vulnerabilities and vulnerabilities fixed less than a month ago are checked once a day.
Vulnerabilities that were fixed more than a month ago are checked once a week.
Vulnerabilities marked as false are not checked.
This functionality is not disabled.