Skip to main content

Vulnerability assessment service

Scan the domains on your Secure Site Pro and Secure Site EV certificate orders to check for vulnerabilities

Secure Site Pro SSL, Secure Site Pro EV SSL, and Secure Site EV certificates come with access to a vulnerability assessment service. This vulnerability assessment service allows you to identify and act against the most exploitable weaknesses on your website. To learn more about what's included with each Secure Site Pro and Secure Site EV certificate, see Pro TLS/SSL Certificates and Secure Site Certificates.

Vulnerability assessment is a cloud service, so there is nothing to install. After we've issued your Secure Site Pro or Secure Site EV certificate and you've enabled vulnerability assessment for the order, you can start using the service immediately to scan the domains on the certificate order.

Important

Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic weekly scan and a report of the most critical vulnerabilities.

Vulnerability assessment helps you:

  • Keep your website off the blocklist that Google, Yahoo, Bing, and other search engines create for sites found with malware.

  • Reduce the risk of bad actors finding and attacking your site.

  • Identify the weaknesses on your website that are most likely to be used for malicious attacks.

  • Quickly remediate these vulnerabilities, making it easier to secure your site.

Vulnerability assessment includes:

  • An automatic weekly scan for vulnerabilities on public-facing web pages.

  • An easy-to-read actionable report identifying critical vulnerabilities that should be investigated and informational items that pose a lower risk.

  • An option to rescan your website to confirm that vulnerabilities have been fixed.

The vulnerability assessment service pulls information about your domains into your CertCentral account, where you can view details about any discovered vulnerabilities to quickly identify exploitable weaknesses and take corrective action for your domains. You can also download reports, get notifications, and rescan your website to help confirm that vulnerabilities have been fixed.

How vulnerability scanning works

By default, the assessment service scans domains on the order once a week for as long as vulnerability assessments are enabled. You can also manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.

Does the service scan all my domains?

The vulnerability assessment service only scans the highest-level domains secured by the certificate. In the tables below, we show some examples of which domains the service scans for when securing domains at various levels: base domains, first-level subdomains, and second-level subdomains.

Certificate A Domains secured:

  • domain.com – scanned

  • example.domain.com – not scanned

  • sample.domain.com – not scanned

  • website.com – scanned

When a certificate secures base domains and first-level subdomains, the service only scans the base domains. In this example, the certificate secures two base domains and two first-level subdomains. So, the service scans only the base domains.

Certificate B Domains secured:

  • example.domain.com – scanned

  • sub.example.domain.com – not scanned

When a certificate does not secure a base domain, the service scans the subdomains at the next lowest level. In this example, the certificate secures a first-level subdomain and a second-level subdomain. So, the service scans only the first-level subdomain.

Certificate C Secured domains:

  • example.domain.com – scanned

  • sample.domain.com – scanned

  • demo.domain.com – scanned

  • sub.demo.domain.com – not scanned

When a certificate secures multiple subdomains at the same level, the service scans all the subdomains. In this example, the certificate secures three first-level subdomains and one second-level subdomains. So, the service scans all the first-level subdomains.