With Zerocopter you can let a scanner take a look at your security. In this blog, we explain how the scanner works and what options you have.
When you put something online on the internet you are automatically a target for hackers. They scan entire IP ranges to search for specific vulnerabilities and you might have one of them. Before you know it your infrastructure is part of a botnet that is used to DDOS banks or they downloaded your database and sell it on the internet. Prevent this from happening by scanning your website for known vulnerabilities.
The scanner of Zerocopter is a port-based scanner. To understand how the scanner works, it is important to know how a computer connects to another computer or network. A computer is simultaneously connected to numerous devices. In order to keep these connections separated from each other they each have a different input, known as ports. Each type of connection makes contact with the computer via its own port. A computer has thousands of such ports, all of which have their own application running on it. Compare it to boats in the harbor, to ensure that it doesn't become chaos, each boat has its own place to lay.
The harbor master of the harbor checks if every boat that is present is in the right place every day. The scanner does this too. When you let the scanner run, it passes all ports, checks what the port should do and checks if this is done secure. To see if the connection is secure, the scanner has a library which stores known vulnerabilities. The scanner then looks at all the stored vulnerabilities and checks whether they are present at the port. Just as a harbor master checks on his or her list to see if there was paid for the boat in the harbor and whether it is in the right place.
When the scanner is ready with making his round across all the ports it makes a report in understandable language and sends it to you. The report tells you if there are vulnerabilities present in your online environment, how dangerous they are and how to fix these vulnerabilities.
With the scanning services provided by Zerocopter you have three choices for scanning: Web, network, web and network.
The web scan finds vulnerabilities in web applications you offer, for example your website or app. The network scan finds vulnerabilities in your server and network. The last option checks web and network vulnerabilities. When it is your first time running a scan it is recommended to check for web and network vulnerabilities, this way you get a complete image of the security of your online environment.
With scheduling your scanner you can also choose to show informationals in your reports. When you have chosen to show informationals you will get the technical information the scanner found in your reports. For example, information about SSL, webserver and portscans.
You can choose to run the scan daily, weekly or monthly to check your online environment. You can also choose a time and day of the week to run the scan. The scanner of Zerocopter is a so-called remote scanner. That means you don’t need to install software to use the security services.
Do you want to know more? Don't hesitate to contact us!
Written by Zerocopter
June 8, 2017