6.3 Vulnerability Scan

Previous6.2 Network Topology Next7. Access

Last updated 9 days ago

6.3 Vulnerability Scan

📖 Overview

The Vulnerability Scan module provides real-time detection, classification, and visibility into the known and potential security weaknesses across your entire digital surface.

This system continuously analyzes exposed services, technologies, protocols, and configurations to identify vulnerabilities — then ranks them by severity so you know exactly what to fix, and where.

🚨 ShieldsGuard helps you stay ahead of attackers by showing what they see before they exploit it.

🔍 What It Scans

Web application stack (WordPress, PHP, Plesk, etc.)
SSL/TLS configuration and certificate health
HTTP headers and content security policies
Open ports and exposed services
Publicly accessible endpoints
CMS plugin versions
Protocol vulnerabilities and misconfigurations
Missing or misconfigured DNS and email security

🎯 Severity Levels

All findings are categorized using a clear, color-coded system:

Severity

Meaning

🔴 Critical

Exploitable vulnerabilities with high impact

🟠 High

Major misconfigurations or outdated technologies

🟡 Medium

Weaknesses requiring mitigation

🔵 Low

Minor risks or hygiene issues

⚪ Info

Informational or best practice observations

Each severity level helps prioritize remediation based on real-world impact.

📋 Vulnerability Detail

Every finding includes:

Affected domain and URL
Risk level (color and label)
Vulnerability type or CVE (if applicable)
Description of the issue
Discovery method
Exact URL or port
Suggested resolution
Timestamp
Quick access to “View” for more details

🧠 Example Findings

Vulnerability

Risk Level

Affected Component

CVE-2020-24778 (GSAP)

High

JavaScript library

Missing HSTS Header

Medium

HTTP response headers

Misconfigured CORS

Medium

API endpoints

SSL Certificate Near Expiry

Medium

TLS

Missing HttpOnly on Cookies

Low

Set-Cookie directive

No DKIM or SPF Records

Info

Email configuration

WordPress XML-RPC Brute Force Exposure

Medium

WP login subsystem

REST API Enumeration

Info

WP-JSON endpoint

📈 Dashboard Features

📊 Risk Score Gauge — Visual snapshot of risk posture
📑 Security Findings Table — Fully filterable by severity or domain
🧮 Vulnerability Histogram — Severity-wise chart
🔍 Domain Filter — Narrow scope by subdomain or asset
📤 Export Capabilities — Download reports for audits or incident response

⚙️ How to Use It Effectively

Goal

Action

Patch critical exposures quickly

Sort by severity and act on 🔴/🟠 first

Track remediation over time

Re-scan after fixes and compare findings

Improve compliance posture

Export finding logs with timestamps

Investigate patterns

Correlate vulnerabilities across domains

Confirm system health after deploy

Run scan post-update to detect regressions

🔐 Best Practices

Integrate scans into your change and release cycle.
Treat HIGH and CRITICAL findings as blockers in CI/CD.
Review LOW/INFO items regularly for hygiene improvements.
Use scan results to update your WAF, IP filters, and rules.

🎯 ShieldsGuard Vulnerability Scan is your early warning system — detecting what could be exploited before attackers do, and giving you a prioritized, actionable plan to fix it.

Previous6.2 Network Topology Next7. Access

Last updated 9 days ago

📖 Overview

The Vulnerability Scan module provides real-time detection, classification, and visibility into the known and potential security weaknesses across your entire digital surface.

This system continuously analyzes exposed services, technologies, protocols, and configurations to identify vulnerabilities — then ranks them by severity so you know exactly what to fix, and where.

🚨 ShieldsGuard helps you stay ahead of attackers by showing what they see before they exploit it.

🔍 What It Scans

Web application stack (WordPress, PHP, Plesk, etc.)
SSL/TLS configuration and certificate health
HTTP headers and content security policies
Open ports and exposed services
Publicly accessible endpoints
CMS plugin versions
Protocol vulnerabilities and misconfigurations
Missing or misconfigured DNS and email security

🎯 Severity Levels

All findings are categorized using a clear, color-coded system:

Severity

Meaning

🔴 Critical

Exploitable vulnerabilities with high impact

🟠 High

Major misconfigurations or outdated technologies

🟡 Medium

Weaknesses requiring mitigation

🔵 Low

Minor risks or hygiene issues

⚪ Info

Informational or best practice observations

Each severity level helps prioritize remediation based on real-world impact.

📋 Vulnerability Detail

Every finding includes:

Affected domain and URL
Risk level (color and label)
Vulnerability type or CVE (if applicable)
Description of the issue
Discovery method
Exact URL or port
Suggested resolution
Timestamp
Quick access to “View” for more details

🧠 Example Findings

Vulnerability

Risk Level

Affected Component

CVE-2020-24778 (GSAP)

High

JavaScript library

Missing HSTS Header

Medium

HTTP response headers

Misconfigured CORS

Medium

API endpoints

SSL Certificate Near Expiry

Medium

TLS

Missing HttpOnly on Cookies

Low

Set-Cookie directive

No DKIM or SPF Records

Info

Email configuration

WordPress XML-RPC Brute Force Exposure

Medium

WP login subsystem

REST API Enumeration

Info

WP-JSON endpoint

📈 Dashboard Features

📊 Risk Score Gauge — Visual snapshot of risk posture
📑 Security Findings Table — Fully filterable by severity or domain
🧮 Vulnerability Histogram — Severity-wise chart
🔍 Domain Filter — Narrow scope by subdomain or asset
📤 Export Capabilities — Download reports for audits or incident response

⚙️ How to Use It Effectively

Goal

Action

Patch critical exposures quickly

Sort by severity and act on 🔴/🟠 first

Track remediation over time

Re-scan after fixes and compare findings

Improve compliance posture

Export finding logs with timestamps

Investigate patterns

Correlate vulnerabilities across domains

Confirm system health after deploy

Run scan post-update to detect regressions

🔐 Best Practices

Integrate scans into your change and release cycle.
Treat HIGH and CRITICAL findings as blockers in CI/CD.
Review LOW/INFO items regularly for hygiene improvements.
Use scan results to update your WAF, IP filters, and rules.

🎯 ShieldsGuard Vulnerability Scan is your early warning system — detecting what could be exploited before attackers do, and giving you a prioritized, actionable plan to fix it.