After you launch a scan you are taken to the ‘Scan Results’ page. The findings from your scan update in real-time as the scan runs.
Full versus Remote Scan
The heading at the top of the scan results page will tell you which type of scan you are running. There are two types of scan that you can run. The first is a ‘Remote Scan’, which connects to your website from the Gravityscan servers and performs a scan. The second is a ‘Full Scan’, which scans remotely and also leverages a locally installed file called Gravityscan Accelerator to enable more comprehensive and accurate scans.
Scan Settings and Sharing
In the upper right hand corner of the scan results area you will find buttons for sharing results and viewing scan settings. The scan settings shown are the settings as of when the scan was launched. The settings for a scan cannot be altered once it is running; to change them you must stop the scan, change the settings and restart the scan.
The ‘share results’ button allows you to share your scan results via email or link. Learn more about sharing scan results.
‘Scan Intensity’ controls how much load Gravityscan will place on your website. The higher the intensity setting, the faster the scan will complete. Sites on Free plans are given the two lowest intensity options to choose from. Websites on the Pro plan can be scanned using any of seven intensity levels. Please use caution when increasing scan intensity, as many entry-level hosting plans are unable to tolerate the higher intensity options.
Above the scan results table you will find statistics that provide visibility into what Gravityscan is doing and alert you to any errors. They are kept up-to-date in real time as scans run. They are:
Checks Performed – This is the number of security checks that Gravityscan has performed on your website. This number can vary significantly based on the size and complexity of your website. Scanning a relatively simple site, like demo.gravityscan.com, can yield just a couple hundred checks. On the other end of the spectrum, scanning a large e-commerce site will likely involve millions of checks.
Data Transferred – This shows you how much data your website sent to Gravityscan during the scanning process.
Site Errors – This tells you how many server errors Gravityscan has encountered while scanning your site. In some cases the number and type of errors will exceed a threshold and cause the scan to end before it is complete. In most cases your scan will complete with no errors, or Gravityscan will reduce its scan intensity to minimize errors and complete the scan. A rising error count usually means your hosting plan cannot keep up with the selected scan intensity, so lowering the intensity is the first thing to try.
Results Found – This is a simple count of the number of results shown in the scan results table.
Scan Results Table
The scan results table displays findings in real-time while your scan is running and stops changing once the scan is complete. The table can be sorted by severity, type, title or product. The default sort for the table is by severity.
A summary for each scan finding is displayed by default. To view the detail for any finding, click on the ‘expand’ link in the details column. Only one finding can be expanded at a time.
Severity levels for vulnerability findings are based on the CVSS score for the vulnerability, if one is available. Scores range from 0.0 to 10.0 and map to a severity level of Low, Medium, High or Critical. In rare cases where no CVSS score is available a severity level of Unknown is assigned. Keep in mind that a CVSS score rates the vulnerability in general, not its impact on your particular site, so a Medium finding may still be the most important one to fix in your environment.
All malware and blacklist findings are assigned a severity of Critical.
A severity level of Passed is assigned when a security check is completed with no adverse findings. As detailed below, findings reported as false positives are assigned severity level False Positive and ignored findings are assigned severity level Ignored.
Reporting False Positives
In the context of a security scan, a ‘false positive’ is an incorrect finding. For example, Gravityscan may indicate that a PHP file on your website contains malware, but on investigation you determine that it doesn’t. In those cases the Gravityscan team wants to know right away.
To report a false positive, simply click the ‘false positive’ button at the bottom of the scan finding details. All of the information the Gravityscan team needs is reported automatically; no further action is necessary. The severity of the finding will change to False Positive and it will move to the bottom of the list. Gravityscan keeps track of false positive reports across multiple scans, so the finding will remain marked as a false positive in subsequent scans.
If you determine later that the finding was not a false positive you can simply click the ‘false positive’ button again to withdraw your report and restore the original finding severity.
In some cases there might be a scan finding that you agree is correct but you don’t want showing up at the top of your scan findings. For example, you may be running a version of PHP that has known security vulnerabilities, but your host has applied a backported security patch that addresses the issue. In that case you can simply click the ‘ignore’ button at the bottom of the scan finding details. The finding will sort to the bottom of the list and the severity will change to Ignored. Because an ignored finding stays ignored in subsequent scans, it is worth revisiting your ignored findings periodically to confirm the reason for ignoring each one still applies.
If you change your mind you can simply click the ‘ignore’ button again to restore the original finding severity.