Vulnerability assessment service

Scan the domains on your Secure Site Pro and Secure Site EV certificate orders to check for vulnerabilities

Secure Site Pro SSL, Secure Site Pro EV SSL, and Secure Site EV come with access to a vulnerability assessment service. This vulnerability assessment service allows you to identify and act against the most exploitable weaknesses on your website. To learn more about what's included with each Secure Site Pro and Secure Site EV certificates, see Pro TLS/SSL Certificates and Secure Site Certificates.

Vulnerability assessment is a cloud service so there is nothing to install. After we've issued your Secure Site Pro or Secure Site EV certificate, and you've enabled vulnerability assessment for the order, you can start using the service immediately to scan the domains on the certificate order.

Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic monthly scan and a report of the most critical vulnerabilities.

Vulnerability assessment helps you:

  • Keep your website off the blocklist that Google, Yahoo, Bing, and other search engines create for sites found with malware.
  • Reduce the risk of bad actors finding and attacking your site.
  • Identify the weaknesses on your website that are most likely to be used for malicious attacks.
  • Quickly remediate these vulnerabilities, making it easier to secure your site.

Vulnerability assessment includes:

  • An automatic monthly scan for vulnerabilities on public-facing web pages.
  • An easy-to-read actionable report that identifies critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
  • An option to rescan your website to help confirm that vulnerabilities have been fixed.

The vulnerability assessment service pulls the information about your domains into your CertCentral account, where you can view details about any discovered vulnerabilities to quickly identify exploitable weaknesses and take corrective action for your domains. You can also download reports, get notifications, and rescan your website to help confirm that vulnerabilities have been fixed.

How vulnerability scanning works

By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can also manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.

Does the service scan all my domains?

The vulnerability assessment service only scans the highest-level domains secured by the certificate. In the tables below, we show some examples of which domains the service scans for when securing domains at various levels: base domains, first-level subdomains, and second-level subdomains.

Certificate A
Domains secured:
  • domain.com – scanned
  • example.domain.com – not scanned
  • sample.domain.com – not scanned
  • website.com – scanned
 When a certificate secures base domains and first-level subdomains, the service only scans the base domains.
In this example, the certificate secures two base domains and two first-level subdomains. So, the service scans only the base domains.
Certificate B
Domains secured:
  • example.domain.com – scanned
  • sub.example.domain.com – not scanned
 When a certificate does not secure a base domain, the service scans the subdomains at the next lowest level.
In this example, the certificate secures a first-level subdomain and a second-level subdomain. So, the service scans only the first-level subdomain.
Certificate C
Secured domains:
  • example.domain.com – scanned
  • sample.domain.com – scanned
  • demo.domain.com – scanned
  • sub.demo.domain.com – not scanned
 When a certificate secures multiple subdomains at the same level, the service scans all the subdomains.
In this example, the certificate secures three first-level subdomains and one second-level subdomains. So, the service scans all the first-level subdomains.

Vulnerability assessment service instructions

Informazioni

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.