Comodo Help
Find the desired product help
SOCaaP

SOCaaP

Version 2.2

English

Print Help
SOCaaP Web Protection > Website Data And Settings > Security Scans > Website Scans
  • Introduction
    • Logging-in To The SOCaaP Console
  • Dashboard Overview
    • Summary
    • Alerts,Incidents And Website Vulnerabilities
    • Customer Health
  • SOCaaP Alerts/Escalations
    • Log-in To The Admin Console
    • The Home Screen
    • Service Summary
    • Incidents Overview
      • Incidents
      • Threat Summary
    • Log Collection Summary
    • Threat Communication Graph
    • Tickets
    • Reports
    • Notification Settings
    • Integrate Your Office 365 Account With SOCaaP
  • SOCaaP SIEM
    • Log-in To The Admin Console
    • The Main Interface
    • The Dashboard
    • Customer Asset Management
      • Add Customers
      • Add Assets For Monitoring
        • Hard Assets
        • Soft Assets
      • Configure Nxlog And Rsyslog To Send Logs To SOCaaP Server
      • Edit Customers
    • Query Management
      • Configure Event Queries
      • Long Term Analysis
      • Configure Custom Dashboards
      • Event Field Selection Settings
    • Manage Rules
      • Manage Correlation Rules
      • Manage Tagged Rules
      • Manage Aggregation Rules
    • Incidents
      • Manage Incidents
      • Incident Category Management
      • Category Action Management
    • Lists
      • Manage Live Lists
      • Manage Live List Content
      • Manage Range List Content
      • Manage IP Range List Content
      • Manage Multiple Column List Content
    • Manage Reports
    • Administration
      • Event Collection
      • Phantom Settings
      • Manage Users
    • Appendix 1 – Field Groups And Event Items Description
    • Appendix 2 –SOCaaP Supported Logs
  • SOCaaP Web Protection
    • Add Websites
    • The Main Interface
    • The Dashboard
    • Website Data And Settings
      • Website Overview
      • Security Scans
        • Website Scans
        • Website Files Security Scans
          • Malware Scan Settings
            • Automatic Configuration
            • Manual Configuration
          • Run A Scan And View Results
          • Notifications, Malware Removal And Scheduled Scans
        • Vulnerability Scans
          • CMS Vulnerability Scans
          • OWASP Top 10 Vulnerability Scans
      • Content Delivery Network
        • Activate CDN For A Website
        • CDN Settings
        • View CDN Metrics
      • Firewall
        • WAF Statistics
        • WAF Events
        • Configure WAF Policies
        • Manage Custom Firewall Rules
      • SSL Configuration
      • DNS Configuration
      • Add Trust Seal To Your Websites
      • Back Up Your Website
        • Backup Settings
        • On-Demand Backup
        • View Backup Records And File Statistics
        • Restore And Download Website Files
        • Delete Backups
    • Manage Your Profile
  • Sensor Installation
    • Requirements
    • (Option 1) Create Installation Media
    • (Option 2) Deploy Virtual Machine Environment
      • Create A New Virtual Machine
      • Configure Memory Size
      • Configure Hard Disk
      • Configure Hard Disk File Type
      • Configure Storage On Physical Hard Disk
      • Configure Size Of Virtual Hard Disk
      • Configure Network Settings
      • Select VM Startup Disk
    • Sensor Installation Steps
    • Sensor Configuration Steps
      • Login To The Web Portal
      • User Settings
      • Configure Network
      • Configure Timezone
      • Key Activation
      • (Optional) Valkyrie Key Verdict
      • (Optional) Forward Log
  • Frequently Asked Questions
  • About Xcitium Security Solutions

Website Scans

 

Select a website at top-left > Click 'Scan' in the top-menu > Open the ‘Website Scan’ tab.

  • The website scan checks your front-end web-pages for vulnerabilities, errors and known malware. It is a good, ‘first-level’ check of threats on your site, but you should enable the full malware scanner for long-term protection.
  • Website scan checks the following items:
  • Javascripts, iframes and malicious links
  • Safe browsing status (blacklist status)
  • SSL certificate errors
  • Content Management (CMS) errors
  • HTTP errors and missing security headers
  • The scan starts automatically right after you add a website


Run Website Scans and View Results


You can run a manual website scan every two hours and you can also schedule a website scan.

  • Select a website at top-left then choose 'Scan'
  • Open the 'Website Scan' tab
  • Click 'Start Scan':




  • The scan is added to tasks and may take a few minutes to complete:



  •  All vulnerabilities are shown at the end of the scan. The results show missing headers, SSL errors and blacklists on which your site appears:




  • Request Cleanup - Create a ticket for Xcitium security experts to fix all issues found by the scan. The link takes you to the support page where you can create a ticket. 
  • Malware Found - Click the 'Malware Found' link to start a deep virus scan of your web server. All malware will be removed at the end of the scan. Note – you need to configure the malware scanner if you haven’t yet done so. See 'Run Malware Scans and View Results' for additional information.
  • View PDF Reports - Click to view and download the scan report as a PDF.

  • Site is blacklisted - The site was flagged as suspicious by Google’s ‘Safe Browsing’ service. Click the link to view the full reasons on Google's transparency report page.
  • Vulnerabilities Detected - Security holes were found on your website. Click the link to run a CMS and OWASP Top 10 scan on the site. The results of these scans contain mitigation advice to help you fix the issues.
System Information
  • Language - The programming language used in the site. For example, PHP, Python and so on.
  • Web Server Extension - Optional module used in the website. For example, OpenSSL, mod_ssl, Google PageSpeed and so on.
  • Font Scripts - Shows fonts used on your web pages.
  • CMS - The content management system (CMS) tool used on the site.
  • JavaScripts Included - Click the link to view details of JavaScripts used on site pages.
  • Links Found - Click the link to view internal and external hyperlinks used on site pages.
  • Iframes Included - Click the link to view internal and external inline frames (iframes) used in site pages. Iframes can be vulnerable to attack.

Reputation Check

  • Google Safe Browsing - Opens https://transparencyreport.google.com/safe-browsing/. Use this site to check whether any of your sites have been flagged as harmful.
  • Phishtank - Opens the PhishTank website at https://www.phishtank.com/. Use this site to run to see if any of your sites are listed as fraudulent.

SSL

  • Issuer - The certificate authority that issued the certificate to your site.
  • Expiration Date - Date on which the certificate expires. Please remember to replace certificates that are nearing expiry. Google Chrome and other browsers will show error messages to your visitors if your certificate is not valid.
  • Warnings - Click the 'Issues found' / 'No issues found' link to visit https://www.sslshopper.com/ssl-checker.html. The checker runs a deep inspection of your SSL configuration and identifies any errors. The page also has plenty of remediation advice to help you fix any issues.

HTTP Security Headers


HTTP security headers are used to protect your website against attacks such as XSS, clickjacking, code injection and so on. SOCaaP Web Protection reports which security headers are missing from your site.



Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • EDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2023. All rights reserved.