A passive vulnerability scan is a type of security scan in which the scanner sends no unusual requests to the server. It is like a visitor browsing the site. In this article, we'll review the benefits of a passive vulnerability scan.

Pick Low-Hanging Fruits

Browsing the website is the first thing hackers and security experts do when evaluating a website's security. This is called a passive scan. Many problems can be identified just by looking at the source code of web pages. Issues like Vulnerable WordPress Version, Application Errors and Password Over Unencrypted Channel are examples of such problems. Intercepting requests and responses between the browser and the server can also reveal many weaknesses. For example, you can detect cookie vulnerabilities (such as a session cookie set without the Secure or HttpOnly flag) just by looking at the web server's Set-Cookie response headers.

Less Impact

Compared to an active scan, a passive scan is less risky for the availability of the web application. Since no unexpected request is sent to the web server, the server should be able to handle the scan like any other visitor.

⛔ In passive scans, all URLs are visited, so if there are links that perform actions like deleting accounts or files (state-changing actions reachable with a plain GET request), a passive scan can still be dangerous.

Bypass Web Application Firewalls

Websites usually use WAFs to stop attacks in the production environment. A passive scan sends only the requests a regular browser would send, so most of the time it doesn't trigger any alarm on the WAF and the scan can proceed without getting blocked.

No Schedule Required

Active vulnerability scans usually put a lot of pressure on the web application. That's why they should be performed at a scheduled time to reduce the risk. Passive tests, on the other hand, can be conducted at any time, just like visitors can browse the site at any time.

Fast Security Scan

Browsing a website is fast, and so is a passive scan. Passive scans are speedy because they send fewer requests to the web server. There is also less chance of being blocked or rate-limited by a WAF, which would slow the scan down.
How To Perform A Passive Scan

Use a web browser like Google Chrome, open the Developer Tools (Ctrl+Shift+I), navigate through different pages of the website, and inspect the requests and responses in the Network tab. You should also take a look at the source code of the web pages. But you should know what to look for! Below are some examples:

- No Encryption: Look for any non-HTTPS URL.
- Internal Server Error: Look for 5xx HTTP status codes.
- X-Powered-By Headers: Check for detailed information like version numbers in "X-Powered-By" response headers.
- Information Disclosure: Look for application error messages and OS file/directory paths in the web page source code.
- Directory Listing: Check for file/directory listings displayed inside any web page.

An easier way is to use an automated vulnerability scanner and configure it to run passive tests only.

Is Passive Scan Enough?

Definitely not! You should perform full comprehensive scans to have a thorough security test. Passive scans are excellent for a quick evaluation of the website's security, especially when a full scan is not an option.

Previously published on https://www.thesmartscanner.com/blog/why-you-should-use-passive-vulnerability-scan-on-your-website .
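The checks listed under How To Perform A Passive Scan, together with the cookie-header check mentioned under Pick Low-Hanging Fruits, can be run automatically over request/response pairs captured from the browser's Network tab. The Python script below is an added example, not code from the original article or from any scanner product. The exchanges it inspects are constructed inline (the host shop.example is made up), and it goes slightly beyond the article's list by also treating the Server header like X-Powered-By and by flagging the WordPress generator tag and missing cookie flags.

```python
"""Passive checks over captured HTTP request/response pairs.

Added example (not from the original article). Nothing here sends any
request; it only inspects what a browser already received.
"""
import re

# Constructed sample capture, not taken from any real site.
SAMPLE_EXCHANGES = [
    {   # login page over plain HTTP, old PHP, WordPress tag, bare session cookie
        "url": "http://shop.example/login", "status": 200,
        "headers": [("Content-Type", "text/html"), ("X-Powered-By", "PHP/7.2.34"),
                    ("Set-Cookie", "PHPSESSID=abc123; Path=/")],
        "body": '<html><head><meta name="generator" content="WordPress 5.2.4"></head>'
                '<body><form method="post" action="http://shop.example/login">'
                '<input type="password" name="pass"></form></body></html>',
    },
    {   # auto-generated directory index
        "url": "https://shop.example/uploads/", "status": 200,
        "headers": [("Content-Type", "text/html")],
        "body": "<html><head><title>Index of /uploads</title></head><body>"
                "<h1>Index of /uploads</h1><a href='backup.zip'>backup.zip</a></body></html>",
    },
    {   # 5xx with a PHP warning that leaks a filesystem path
        "url": "https://shop.example/api/cart", "status": 500,
        "headers": [("Content-Type", "text/html"),
                    ("Set-Cookie", "cart=42; Path=/; Secure; HttpOnly")],
        "body": "Warning: include(): Failed opening '/var/www/html/inc/db.php' on line 12",
    },
    {   # clean page: nothing should be flagged
        "url": "https://shop.example/", "status": 200,
        "headers": [("Content-Type", "text/html"),
                    ("Set-Cookie", "sid=xyz; Path=/; Secure; HttpOnly; SameSite=Lax")],
        "body": "<html><body>Welcome</body></html>",
    },
]

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")                       # e.g. 7.2.34
# Unix absolute paths under common roots, or Windows drive paths.
OS_PATH_RE = re.compile(r"(?:/(?:var|etc|home|usr|opt|srv)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)")
ERROR_MSG_RE = re.compile(r"Fatal error|Warning:|Notice:|Stack trace|Traceback|Exception", re.I)
DIR_LISTING_RE = re.compile(r"<title>\s*Index of\s+/", re.I)
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)
HTTP_FORM_RE = re.compile(r'<form[^>]*\saction="(http://[^"]+)"', re.I)
PASSWORD_INPUT_RE = re.compile(r'<input[^>]*type="password"', re.I)


def headers_named(headers, name):
    """All values of one header; names are case-insensitive and Set-Cookie may repeat."""
    return [v for k, v in headers if k.lower() == name.lower()]


def check_exchange(ex):
    """Return a list of (issue, detail) findings for one request/response pair."""
    findings = []
    url, status, headers, body = ex["url"], ex["status"], ex["headers"], ex.get("body", "")
    over_tls = url.lower().startswith("https://")

    if not over_tls:                                  # page itself fetched in clear text
        findings.append(("No Encryption", url))
    if PASSWORD_INPUT_RE.search(body):                # password field on http page or http form target
        http_targets = HTTP_FORM_RE.findall(body)
        if not over_tls or http_targets:
            findings.append(("Password Over Unencrypted Channel", http_targets[0] if http_targets else url))
    if 500 <= status <= 599:
        findings.append(("Internal Server Error", f"HTTP {status} at {url}"))
    for name in ("X-Powered-By", "Server"):           # Server header treated the same (assumption)
        for value in headers_named(headers, name):
            if VERSION_RE.search(value):
                findings.append(("Version Disclosure", f"{name}: {value}"))
    paths = OS_PATH_RE.findall(body)
    err = ERROR_MSG_RE.search(body)
    if paths or err:                                  # stack traces, warnings, leaked paths
        findings.append(("Information Disclosure", paths[0] if paths else err.group(0)))
    if DIR_LISTING_RE.search(body):
        findings.append(("Directory Listing", url))
    gen = GENERATOR_RE.search(body)                   # version leak; vulnerability lookup is out of scope
    if gen and gen.group(1).lower().startswith("wordpress"):
        findings.append(("WordPress Version Disclosure", gen.group(1)))
    for cookie in headers_named(headers, "Set-Cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(("Cookie Without Secure Flag", name))
        if "httponly" not in attrs:
            findings.append(("Cookie Without HttpOnly Flag", name))
    return findings


def scan(exchanges):
    """Passive scan over a whole capture; findings grouped by issue title."""
    report = {}
    for ex in exchanges:
        for issue, detail in check_exchange(ex):
            report.setdefault(issue, []).append(detail)
    return report


if __name__ == "__main__":
    for issue, details in scan(SAMPLE_EXCHANGES).items():
        print(issue)
        for d in details:
            print("  -", d)
```

To use it on a real capture, export the Network tab as HAR and map each entry's request URL, response status, response headers and body text onto the same dictionaries; the checks themselves never contact the site, which is exactly what keeps the scan passive.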