What is Siteimprove Web Security?

Modified on: Mon, 30 Aug, 2021 at 5:14 PM

Siteimprove Web Security is a module that’s offered within the Siteimprove Intelligence Platform which allows users to easily audit their domains and web pages for security vulnerabilities.

A security vulnerability is defined as a potential weakness in your website content, frontend, backend or server infrastructure, that could potentially be exploited by attackers or bad actors*. As the web keeps growing both in scale and complexity, the number of vulnerabilities and bad actors has unfortunately risen alongside it. Siteimprove Web Security is a straightforward way to get started in terms of proofing your web projects, and thereby ensuring that your content or users are not affected by such exploits.

Some of the findings provided by Web Security will require technical resources to address, this module also makes it easy to cross-communicate between teams by breaking down technical jargon and explaining what needs to be done, where the issue lies and who need to address it.

What kinds of weaknesses does Siteimprove Web Security identify?

Siteimprove Web Security will perform a full scan of a selected domain and present the findings within three different areas of possible vulnerabilities. These areas are; Web Application, Network , and Server.

Each issue is then assigned a severity rating ranging from High, Medium, Low and Very Low, depending on how severe the potential weakness is.

This is done in order to make it more manageable for you when trying to keep track of what areas have potential weaknesses within them, and what types of resources are required in order to address these. You will find additional info for each area within the articles Web Application, Network and Server.

How does Siteimprove Web Security perform these scans?

Web Security combines data from third parties that have partnered with Siteimprove, as well as additional Siteimprove insights and findings. In doing so, Web Security provides a thorough analysis of potential weaknesses and vulnerabilities found on a domain, in a manner that’s easy to manage and understand.

Web Security differs from Siteimproves' other crawler-based products in the sense that the scan combines a wider range of techniques and technologies in order to as comprehensively as possible be able to assess a websites potential vulnerabilities.  These include, amongst others;

  • Scans (active)

  • Crawls (active)

  • Sensors and data feeds (passive)

  • Honeypots

  • Sinkholes

  • Identifying ports and IP-addresses (active)

In order to get started, all you need is a top-level domain (TLD). An example of this type of domain would be www.siteimprove.com. Once you’ve entered the TLD(s) that you would like to be tested for vulnerabilities, the service will perform a series of scans and analyses in order to identify eventual weaknesses that appear throughout the domain.  All of these techniques are non-intrusive, and thus should not threaten the integrity of the web application.

The complete scan will take between 3-5 days to complete. You can track the status of a domains’ scan in the Domain Overview section of Web Security. By default, Web Security will update the scan results once per week, in order to allow you to stay on top of security issues and vulnerabilities over time.

*"Bad actor" is a term used for an individual or group who act to breach information technology systems.

Siteimprove Academy courses

The Siteimprove Academy offers scalable learning programs, interactive course content, and actionable outcomes for you and your team. Take advantage of these related online academy courses to get the most out of our products.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.