Vulnerability assessment service
Secure Site Pro SSL, Secure Site Pro EV SSL, and Secure Site EV certificates include access to the vulnerability assessment service. The service scans the public domains on your certificate order for exploitable weaknesses and generates actionable reports identifying critical vulnerabilities.
Vulnerability assessment is a cloud service — nothing to install. After DigiCert issues your certificate, enable vulnerability assessment on the order to start scanning immediately.
The service provides:
An automatic weekly scan of public-facing web pages for vulnerabilities
An actionable report identifying critical vulnerabilities to investigate and informational items that pose lower risk
An option to rescan your website at any time to confirm vulnerabilities were fixed
Email notifications after each completed scan
Important
The vulnerability assessment service does not replace PCI-compliant vulnerability scans. The service complements existing protection with automatic weekly scans and critical vulnerability reports.
How vulnerability scanning works
The service pulls discovered vulnerability information into CertCentral where you can view details, download reports, and take corrective action. By default, the service scans domains on the order once weekly for as long as vulnerability assessment is enabled. You can also manually trigger a rescan at any time.
Which domains are scanned
The service scans only the highest-level domains secured by the certificate:
When a certificate secures base domains and first-level subdomains, only the base domains are scanned.
When a certificate does not secure a base domain, the service scans the subdomains at the next lowest level.
When a certificate secures multiple subdomains at the same level, all subdomains at that level are scanned.
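The three rules above, as an added Python example (not DigiCert's own code), applied to the names on a certificate order to work out which ones a scan would target. The base-domain helper is an assumption: it takes the last two labels and ignores multi-part public suffixes such as co.uk.

```python
"""Select scan targets under the 'highest-level domains' rule described above."""
from collections import defaultdict


def base_domain(name: str) -> str:
    # Assumption: the base (registrable) domain is the last two labels.
    # A production version would consult the Public Suffix List instead.
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def depth(name: str) -> int:
    # Number of labels below the base domain; 0 means the base domain itself.
    return len(name.lower().rstrip(".").split(".")) - 2


def domains_to_scan(order_names: list[str]) -> list[str]:
    """Apply the rules from the page, per base domain on the order:
    1. if the base domain itself is on the order, only it is scanned;
    2. otherwise, the subdomains at the next lowest level are scanned;
    3. several names at that level are all scanned.
    """
    by_base: dict[str, set[str]] = defaultdict(set)
    for name in order_names:
        cleaned = name.lower().rstrip(".")
        by_base[base_domain(cleaned)].add(cleaned)

    selected: list[str] = []
    for names in by_base.values():
        shallowest = min(depth(n) for n in names)  # closest level to the base
        selected.extend(n for n in names if depth(n) == shallowest)
    return sorted(selected)


if __name__ == "__main__":
    # Constructed sample order: base domain plus subdomains -> only the base.
    print(domains_to_scan(["example.com", "www.example.com", "api.example.com"]))
    # Constructed sample order: no base domain -> all names at the next level.
    print(domains_to_scan(["www.example.com", "api.example.com"]))
```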
Vulnerability report ratings
The service generates vulnerability reports using two rating systems:
| Report | Severity ratings |
|---|---|
| DDI (Digital Defense curated CVE scoring) | Critical, High, Medium, Low, Trivial |
| PCI | Pass, Fail |
DDI ratings generally align with CVE scoring but may reflect higher or lower severity based on exposure factors such as internal versus external access.