Help Center> > Service Overview >Vulnerability Scan Service
View PDF

Vulnerability Scan Service

Vulnerability Scan Service (VSS) detects the vulnerabilities in the servers and websites. It provides services such as common vulnerability scan, vulnerability lifecycle management, and scan customization. After you create a scan job, you can manually start it to detect the vulnerabilities in the website and obtain recommended actions.

Functions

VSS quickly detects the vulnerabilities in your website and host, generates detailed assessment reports, and provides recommendations for fixing different types of vulnerabilities.

  • Preliminary Scan

    New users can experience a preliminary scan without verifying your domain ownership to estimate website risks.

  • Host Vulnerability Scan
    • In-depth scanning

      Performs multi-dimensional OS vulnerability detection and configuration checking.

    • Intranet scanning

      Enterprises can choose to enact an intranet scanning policy on servers.

    • Weak password scan
      • Multi-scenario applicability

        Scans for standard web services, all OSs, and 90% of all middleware, including databases.

      • Built-in weak password library

        Simulates hacker detection of weak passwords. You can also use your own weak password library to detect passwords.

    • Middleware scan
      • Diverse scenarios

        Supports vulnerability scanning of mainstream web containers, foreground development frameworks, and background microservice stacks, as well as configuration compliance scanning.

      • Multiple scan methods

        Chooses standard scan or custom scan to identify the middleware and its version in the server, and discover vulnerabilities and risks.

  • Website Vulnerability Scan
    • VSS can detect over 22 types of vulnerabilities, including OWASP Top 10 vulnerabilities and WASC vulnerabilities.
    • Scan rules can be automatically updated on the cloud and take effect across the entire network against the latest vulnerabilities.
    • VSS supports HTTPS scanning.
  • One-stop Vulnerability Management
    • VSS supports SMS notifications upon job completion (available in the professional or enterprise edition).
    • VSS provides recommendations for fixing vulnerabilities. To view recommended fixes, buy the professional or enterprise edition.
    • VSS allows you to download .html assessment reports and view vulnerability details in offline mode (available in the professional or enterprise edition).
    • VSS supports re-scanning.
  • Custom Scanning
    • VSS supports scheduled scans.
    • VSS supports port scan.
    • VSS supports weak password scan (available in professional or enterprise edition).
    • VSS allows customization of login methods.
    • VSS supports scanning of Web 2.0 crawlers.