How do I scan my website for vulnerabilities?

Before you begin...

Please note that you may only scan websites that you own or for which you have obtained permission from the owner. Do not run scans on any other websites, including third-party software sites that you may use, such as Gmail or Microsoft Office Online.

Adding a Website for Scanning

  1. Open the Monitoring module in Cyber Safety.
  2. Click on the "Add a Website" button.
  3. Enter your website information. (See details below)
  4. Verify that you have permission to scan this website.
  5. Set your scan level and schedule. (Learn more about scan levels)
  6. Wait for the scan to complete.

Website Details


Website Protocol (HTTPS vs HTTP)

HTTP stands for Hypertext Transfer Protocol. It's a standardized format for transferring data between two devices over a network. HTTPS is HTTP with encryption, and it is used by most websites.

If you are not sure which protocol your website supports, enter your URL into a web browser with HTTP and see if the browser is automatically redirected to HTTPS (with a padlock icon). If it is, the site is using HTTPS. If not, it's only on HTTP.

Learn more about HTTP vs HTTPS

 

Website URL: Only use the root URL

You should only enter the root URL of the website you wish to scan. Do not include the protocol (the "https://" part), any path that identifies a specific page within your site (the part of the URL that begins with a forward slash "/"), or a query string (the part of the URL that begins with a "?").

For example, for a URL of https://cybersafety.com/blog?client=safari

  • The protocol portion is https://
  • The root URL is cybersafety.com
  • "/blog" is the path
  • "?client=safari" is a query string

In this example, you'd only enter "cybersafety.com" as the URL. The scanner will identify all the pages in your website and run tests on every page it can find.

 

Website URL: Subdomains are considered separate websites

It may be obvious that google.com and bing.com are two separate websites. But it may not be as obvious that different subdomains (such as mail.google.com and docs.google.com) are also considered separate websites. Similarly, a root domain and a subdomain (e.g. cybersafety.com and portal.cybersafety.com) are also considered separate sites. 

When you add a website for scanning, the scope of the scan only includes pages within a single website. To illustrate, a scan of cybersafety.com will scan all the pages within, including cybersafety.com/blog, cybersafety.com/about, etc. However, that same scan will NOT include any subdomains of cybersafety.com, such as portal.cybersafety.com.
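The root-URL and subdomain rules above can be applied to a list of URLs to work out which websites need to be added separately. This is an added example, not part of Cyber Safety; the function names and the sample list are constructed for illustration, and it assumes any port number is ignored when comparing hosts.

```python
from urllib.parse import urlsplit


def scan_entry(url: str) -> str:
    """Return the value to enter as the website URL: host only,
    with no protocol, path or query string."""
    # urlsplit only recognises the host when a scheme or "//" is present,
    # so prefix "//" for inputs such as "cybersafety.com/blog".
    if "://" not in url:
        url = "//" + url
    # .hostname lowercases the host and drops any userinfo or port
    # (ignoring the port is an assumption of this example).
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host found in {url!r}")
    return host.rstrip(".")


def in_scope(url: str, site: str) -> bool:
    """True if url falls inside a scan of `site`. Hosts must match
    exactly: a subdomain counts as a separate website."""
    return scan_entry(url) == scan_entry(site)


def sites_to_add(urls):
    """Group URLs by the website entry whose scan would cover them."""
    groups = {}
    for u in urls:
        groups.setdefault(scan_entry(u), []).append(u)
    return groups


# Constructed sample inventory of URLs an organisation wants covered.
SAMPLE_URLS = [
    "https://cybersafety.com/blog?client=safari",
    "cybersafety.com/about",
    "https://portal.cybersafety.com/login",
    "HTTP://CyberSafety.com:8080/",
]

if __name__ == "__main__":
    for site, covered in sorted(sites_to_add(SAMPLE_URLS).items()):
        print(f"add website: {site}")
        for u in covered:
            print(f"    covers {u}")
```

Each key returned by sites_to_add is one website to add; here the portal subdomain appears as its own entry because a scan of cybersafety.com does not reach it.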
