Scan the domains on your Secure Site Pro and Secure Site EV certificate orders to check for vulnerabilities
Secure Site Pro SSL, Secure Site Pro EV SSL, and Secure Site EV come with access to a vulnerability assessment service. This vulnerability assessment service allows you to identify and act against the most exploitable weaknesses on your website. To learn more about what's included with each Secure Site Pro and Secure Site EV certificates, see Pro TLS/SSL Certificates
and Secure Site Certificates
Vulnerability assessment is a cloud service so there is nothing to install. After we've issued your Secure Site Pro or Secure Site EV certificate, and you've enabled vulnerability assessment for the order, you can start using the service immediately to scan the domains on the certificate order.
Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic monthly scan and a report of the most critical vulnerabilities.
Vulnerability assessment helps you:
- Keep your website off the blacklist that Google, Yahoo, Bing, and other search engines create for sites found with malware.
- Reduce the risk of bad actors finding and attacking your site.
- Identify the weaknesses on your website that are most likely to be used for malicious attacks.
- Quickly remediate these vulnerabilities, making it easier to secure your site.
Vulnerability assessment includes:
- An automatic monthly scan for vulnerabilities on public-facing web pages.
- An easy-to-read actionable report that identifies critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
- An option to rescan your website to help confirm that vulnerabilities have been fixed.
The vulnerability assessment service pulls the information about your domains into your CertCentral account, where you can view details about any discovered vulnerabilities to quickly identify exploitable weaknesses and take corrective action for your domains. You can also download reports, get notifications, and rescan your website to help confirm that vulnerabilities have been fixed.
How vulnerability scanning works
By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can also manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.
Does the service scan all my domains?
The vulnerability assessment service only scans the highest-level domains secured by the certificate. In the tables below, we show some examples of which domains the service scans for when securing domains at various levels: base domains, first-level subdomains, and second-level subdomains.