Vulnerability Scans for E-Commerce Sites

Vulnerability Scan


A vulnerability scan is an automated process to find vulnerabilities (or security holes) in a network environment. A network can be internal (LAN) or external (an website server). The results of a vulnerability scan alert the network administrator of ways a potential hacker could break into or disrupt a system. It is a preventive tool. After seeing the results, it is up to the administrator to understand them and to take appropriate action. Since running a network or a server is a task for advanced users, people with limited knowledge of servers / networks could have a tough time reading the results.


A vulnerability scan for an IP address (or server, since an IP address belongs to a server), provides a good amount of information. A lot of this information is simply useful in terms of knowing how your server operates. It gives a directory structure of the server (list of directories), type of server software run (Apache, Windows Server, Exchange, etc), SSL information, open and closed ports, various plugins running. If it detects any vulnerabilities, it will list them also. Common vulnerabilities include ability to run external server-side applications (Perl, ASP), unprotected sensitive directories, open ports that shouldn’t be open. The actual list of potential vulnerabilities is very large and simply would not fit in this article.

Article Source: