Using a Passive Vulnerability Scan To Identify Website Security Risks

Written by smartscanner | Published 2021/06/08


A passive vulnerability scan is a type of security scan in which the scanner sends no unusual requests to the server. It is like a visitor browsing the site.
In this article, we'll review the benefits of a passive vulnerability scan.

Pick Low-Hanging Fruit

Browsing the website is the first thing hackers and security experts do when evaluating a website’s security. It is called a passive scan. Many problems can be identified just by looking into the source code of web pages. Issues like Vulnerable WordPress Version, Application Errors, and Password Over Unencrypted Channel are some examples. Intercepting requests and responses between the browser and the server can also reveal many weaknesses. For example, you can detect cookie vulnerabilities just by looking into the web server’s response headers.

Less Impact

Compared to an active scan, a passive scan is less risky for the availability of the web application. Since no unexpected request is sent to the web server, the server should be able to handle the scan like any other visitor.
⛔ In passive scans, all URLs are visited, so if there are links that perform actions like deleting accounts or files, passive scans can still be dangerous.

Bypass Web Application Firewalls

Websites usually use WAFs to stop attacks in the production environment. Passive scans don’t trigger any alarm on WAFs most of the time. So, the scan can proceed without getting blocked by the firewall.

No Schedule Required

Active vulnerability scans usually put a lot of pressure on the web application. That’s why they should be performed at a scheduled time to reduce the risk. But passive tests can be conducted at any time, just like website visitors that can browse the site anytime.

Fast Security Scan

Browsing a website is fast, and so is a passive scan. Passive scans are speedy because they send fewer requests to the web server. Also, there is less chance of getting caught by a WAF that might slow down the scan.

How To Perform A Passive Scan

Use a web browser like Google Chrome, open the Developer Tools (Ctrl+Shift+I), navigate through different pages of the website, and inspect the requests and responses in the Network tab. You should also take a look at the source code of web pages. But you should know what to look for! Below are some examples:
  1. No encryption: Look for any non-HTTPS URL.
  2. Internal Server Error: Look for 5xx HTTP error code.
  3. X-Powered-By Headers: Check for detailed information like version number in "X-Powered-By" response headers.
  4. Information Disclosure: Look for application error messages and OS file/directory paths in the web page source code.
  5. Directory Listing: Check whether any web page displays a file/directory listing.
An easier way is to use an automated vulnerability scanner and configure it to run passive tests only.
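
The five checks above, plus the cookie and password-over-HTTP issues mentioned earlier, applied to responses that were already captured while browsing. This is an added example, not code from the article or from any scanner; the record layout, function names, finding names and regular expressions are assumptions, and "cookie vulnerability" is taken here to mean a missing Secure or HttpOnly attribute.

```python
import re

# Constructed sample traffic (not from a real site): url, status, headers, body.
SAMPLE = [
    {"url": "http://shop.example/login", "status": 200,
     "headers": {"X-Powered-By": "PHP/7.2.1", "Set-Cookie": "sid=abc123; Path=/"},
     "body": "<form><input type='password' name='p'></form>"},
    {"url": "https://shop.example/files/", "status": 200,
     "headers": {"Set-Cookie": "sid=abc123; Secure; HttpOnly"},
     "body": "<title>Index of /files</title>"},
    {"url": "https://shop.example/cart", "status": 500, "headers": {},
     "body": "Warning: include(/var/www/html/cart.php) failed to open stream"},
    {"url": "https://shop.example/", "status": 200,
     "headers": {"X-Powered-By": "Express"}, "body": "<h1>Welcome</h1>"},
]

ERROR_RE = re.compile(r"(Traceback \(most recent call last\)|Fatal error:|Warning: \w+\(|"
                      r"(?:/var/www|/home/\w+|[A-Z]:\\inetpub)[\w/\\.-]*)")
LISTING_RE = re.compile(r"<title>Index of /|Directory Listing For", re.I)

def passive_findings(entry):
    """Return the sorted finding names for one captured response; sends no requests."""
    found = set()
    hdrs = {k.lower(): v for k, v in entry["headers"].items()}
    if entry["url"].lower().startswith("http://"):
        found.add("no-encryption")
        if re.search(r"type=['\"]?password", entry["body"], re.I):
            found.add("password-over-unencrypted-channel")
    if 500 <= entry["status"] <= 599:
        found.add("internal-server-error")
    if re.search(r"\d", hdrs.get("x-powered-by", "")):
        found.add("x-powered-by-version")
    if ERROR_RE.search(entry["body"]):
        found.add("information-disclosure")
    if LISTING_RE.search(entry["body"]):
        found.add("directory-listing")
    cookie = hdrs.get("set-cookie", "")
    attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
    if cookie and not {"secure", "httponly"} <= attrs:
        found.add("cookie-missing-secure-or-httponly")
    return sorted(found)

def scan(entries):
    return {e["url"]: passive_findings(e) for e in entries}

if __name__ == "__main__":
    for url, names in scan(SAMPLE).items():
        print(url, names or "no findings")
```

The same function can be fed entries converted from a HAR file exported from the browser's Network tab, so the analysis stays entirely on traffic a normal visit already produced.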

Is Passive Scan Enough?

Definitely not! You should perform full comprehensive scans to have a thorough security test. Passive scans are excellent for a quick evaluation of the website’s security, especially when a full scan is not an option.

Published by HackerNoon on 2021/06/08