Service

Web Application Scanning

Task type
Increase your resilience
Readiness Level
Intermediate

Description

CISA's Cyber Hygiene Web Application Scanning is "internet scanning-as-a-service." This service assesses the "health" of your publicly accessible web applications by checking for known vulnerabilities and weak configurations. Additionally, CISA can recommend ways to enhance security in accordance with industry and government best practices and standards.

SCANNING OBJECTIVES

  • Maintain enterprise awareness of your publicly accessible web-based assets
  • Provide insight into how systems and infrastructure appear to potential attackers
  • Drive proactive mitigation of vulnerabilities to help reduce overall risk

SCANNING PHASES AND OVERALL PROCESS

Scanning Phases

  • Discovery Scanning: Identify active, internet-facing web applications
  • Vulnerability Scanning: Initiate non-intrusive checks to identify potential vulnerabilities and configuration weaknesses