Scanner performs the following tasks:
- Network scope scanning
- Searching for typical vulnerabilities and security issues
- Active threat verification
- Updating the status of previously detected vulnerabilities
The network scope is the cornerstone of building your security process.
As your project grows bigger, the number of resources on the company scope increases and resource control decreases.
The resources may be located not only in the company's data centers but also on shared hostings — for example, your marketers will create new landing pages and start new campaigns. These resources are placed on subdomains of the main project and can jeopardize the project's security.
Hackers always choose the least protected resources on the company's scope and attempt to compromise these resources first.
Wallarm integrates all the scope discovery mechanisms used by white hat hackers when assessing a company's security and running penetration tests.
The scope discovery does not end at the domain and IP address mapping but also discovers the network resources that can be accessed from the Internet. To do this, Wallarm first scans ports and then detects the network resources on these ports.
This results in a map of the company's resources that is of the same quality as the one done by white hat hackers when doing penetration testing.
After collecting the network scope, the scanner checks all IP addresses and domains within it for any typical vulnerabilities.
The scanner will automatically reproduce each attack from the traffic. This mechanism allows the detection of vulnerabilities that could have been exploited during the attack.
For safety reasons, when reproducing attacks from requests, the authentication data (cookies, basic-auth, viewstate) is deleted. Correct operation of this functionality may require additional configuration from the application side.
The scanner regularly checks the status of vulnerabilities and automatically marks them as fixed or, on the contrary, reopens newly reproduced ones.
Current vulnerabilities and vulnerabilities fixed less than a month ago are checked once a day.
Vulnerabilities that were fixed more than a month ago are checked once a week.
Vulnerabilities marked as false are not checked.