One sign that the Cloud is going mainstream is the number of online monitoring and scanning services that are popping up. Last week I reported the new online tool from Monitis, which was quickly followed by an email from Charlie Belmer at Golem Technologies alerting me to a free website scanning service Golem offers for small to medium-sized businesses. The free scan highlights security problems and offers more information and greater protection by selling you a paid-for service.
Golem’s website has this advice before you start a scan:
Before you scan, make sure you understand the following
Golem Security Scanner uses ‘black box’ scanning technology. This means we will scan your site from our servers, with no prior knowledge. This approximates what an attacker might see from outside the organization. We make every attempt to keep this activity safe for your site, but there is always some risk associated with running an automated process such as this.
Keep in Mind These 4 Facts About Scanning
1. The scan will submit every page and action it can find. This means contact forms, sign up forms, delete buttons, comments… anything!
2. The scanner operates quickly. The total number of requests is limited to reduce impact; however, it may increase load on your webserver and decrease performance.
3. You must own any site you scan! By submitting a scan, you certify that you are authorized to scan the target site.
4. If you have a non production website, enter that URL instead.
Black Box scanning is generally a safe method of testing security. If you have concerns about scanning your website, please contact us and we would be happy to discuss your concerns in more detail. Golem Security Scanner has been tested on numerous production websites without incident, and is optimized to be safe for production scanning.
False positives are security vulnerabilities which are detected by the scanner, but which are not actual vulnerabilities. Because Golem Security Scanner does not actively attack your site, it cannot confirm whether the vulnerabilities it detects are true security holes. The scanner is designed to reduce the likelihood of false positives, but each vulnerability should be checked to ensure it is authentic.
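Fact 1 above is the one that bites people who point a black-box scanner at production: it will submit every form and follow every link it can discover, with no idea which ones send email, create accounts or delete records. Before authorising a scan, it is worth building the same inventory yourself. The script below is an added example written for this post, not Golem's scanner or any code from Golem Technologies. It crawls a small constructed in-memory site (the pages, the hostname example.com and the list of "destructive" words are all assumptions of the example) the way a scanner with no prior knowledge would, starting at the root and following same-host links only, and flags every form or link that would change state if an automated process submitted it.

```python
"""Inventory the forms and links a black-box scanner would find and submit.

Added example, not Golem Security Scanner. The site below is constructed
in memory so the script runs offline; swap fetch() for a real HTTP GET to
inventory a staging copy of your own site.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site, keyed by path (assumption of this example).
SAMPLE_SITE = {
    "/": """<html><body>
        <a href="/contact">Contact</a>
        <a href="/blog/1">Post</a>
        <a href="https://example.net/external">Elsewhere</a>
      </body></html>""",
    "/contact": """<form action="/contact" method="post">
        <input name="email"><textarea name="message"></textarea>
        <input type="submit" value="Send"></form>""",
    "/blog/1": """<p>Hello</p>
        <form action="/comments" method="POST">
          <input name="body"><button>Comment</button></form>
        <a href="/admin/delete?id=1">Delete post</a>
        <form action="/search" method="get"><input name="q"></form>""",
    "/admin/delete": "<p>deleted</p>",
}

# Path fragments that suggest a GET request is not read-only (assumed list).
DESTRUCTIVE_WORDS = ("delete", "remove", "destroy", "signup", "sign-up", "register")


class ActionCollector(HTMLParser):
    """Collect same-page links and forms (action URL, method, field names)."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self._form = {
                "action": urljoin(self.base, a.get("action") or self.base),
                "method": (a.get("method") or "get").upper(),
                "fields": [],
            }
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            if a.get("name"):
                self._form["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def fetch(url):
    """Stand-in for an HTTP GET: look the path up in the constructed site."""
    return SAMPLE_SITE.get(urlparse(url).path)


def is_state_changing(action):
    """POST/PUT/DELETE forms, or GET links whose path looks destructive."""
    path = urlparse(action["action"]).path.lower()
    return action["method"] != "GET" or any(w in path for w in DESTRUCTIVE_WORDS)


def crawl(start="https://example.com/"):
    """Breadth-first, same-host crawl: what a scanner with no prior knowledge sees."""
    host = urlparse(start).netloc
    queue, seen, actions = [start], set(), []
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        page = ActionCollector(url)
        page.feed(body)
        actions.extend(page.forms)
        for link in page.links:
            if urlparse(link).netloc != host:
                continue  # a black-box scan stays on the target site
            # Following a link is itself a GET "action" the scanner will perform.
            actions.append({"action": link, "method": "GET", "fields": []})
            queue.append(link)
    return sorted(seen), actions


def report(start="https://example.com/"):
    """Summarise pages reached and the actions a scan would submit."""
    pages, actions = crawl(start)
    risky = sorted({a["action"] for a in actions if is_state_changing(a)})
    return {"pages": pages, "actions": len(actions), "state_changing": risky}


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the sample site the crawl reaches four pages and finds six submittable actions, three of which would change state: the contact form (it sends mail), the comment form (it writes a record) and the unauthenticated delete link, which a crawler will happily follow. Anything in the state_changing list is a reason to take Golem's fourth point seriously and scan a non-production copy instead.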