There are five different scan types. Information about each type is as follows:
What is Firewall Scanning?
A firewall scan is recommended if scans aren’t regularly scheduled against your firewall. It discovers high-risk services, detects uncommon ports, monitors for unauthorized changes, and inventories services on the network for compliance. We recommend you run a firewall scan against all internet-facing assets.
What is Website Scanning?
A website scan can be run to discover useful information about certificates, HTTP headers, scripts, forms, metadata, and cookies. You might find various anomalies that would not typically be found without running a website scan, so it’s recommended to run scans frequently to ensure the posture of your website is at its best. We recommend you run a website scan against all assets with an HTTP service.
What is Server Scanning?
Server scanning, commonly referred to as an External Vulnerability Assessment (EVA), is recommended if scans aren’t regularly scheduled against your server. It discovers open ports, exposed services, missing security patches, and configuration weaknesses that put you at risk.
Once we discover your vulnerabilities, we'll let you know which are most critical to resolve, and help you remediate them quickly. We recommend you run a server scan against all assets with open ports.
What is Application Scanning?
An application scan is recommended to help you discover vulnerabilities such as SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, and other OWASP Top 10 targets. Our website scanner uses Dynamic Application Security Testing (DAST) and a proprietary JavaScript engine designed to parse, execute, and inspect the computed output, allowing us to effectively find vulnerabilities in custom HTML5, Web 2.0, and Single Page Applications (SPAs), including frameworks such as jQuery and AngularJS. We recommend you run an application scan against all custom-coded applications.
What is Compliance Scanning?
If your business processes, transmits, or stores credit or debit card information, you are required to comply with the PCI Data Security Standard (PCI DSS). Our PCI compliance scanning is cloud-based and was designed to help merchants become PCI compliant in the quickest and most efficient way possible. With unlimited on-demand scans, you'll be able to quickly generate and submit your report to us, your ASV, for approval. Once approved, you'll be able to download your compliance reports, submit them to your bank, and continue focusing on your business. We recommend you run compliance scans against all assets that process, transmit, or store credit card data.