Before you scan, make sure you understand the following

Golem Security Scanner uses 'black box' scanning technology: it scans your site from our servers with no prior knowledge of the site's internals, which approximates what an attacker would see from outside your organization. We make every attempt to keep this activity safe for your site, but there is always some risk in running any automated process against a live system.

Keep in Mind These 4 Facts About Scanning

  1. The scan will submit every page and action it can find. This means contact forms, sign-up forms, delete buttons, comments... anything! Expect test data to show up wherever those forms deliver it.
  2. The scanner operates quickly. The total number of requests is capped to reduce impact, but the scan may still increase load on your web server and reduce performance while it runs.
  3. You must own any site you scan! By submitting a scan, you certify that you are authorized to scan the target site.
  4. If you have a non-production copy of the site (for example a staging or test environment), enter that URL instead.

Black box scanning is generally a safe method of testing security. If you have concerns about scanning your website, please contact us and we would be happy to discuss them in more detail. Golem Security Scanner has been tested on numerous production websites without incident and is optimized to be safe for production scanning.

False Positives

False positives are findings the scanner reports as vulnerabilities but which are not actual vulnerabilities. Because Golem Security Scanner does not actively attack your site, it cannot confirm whether the issues it detects are real security holes. The scanner is designed to reduce the likelihood of false positives, but each finding should still be verified, for example by reproducing the flagged request manually against a non-production copy of the site, before you treat it as confirmed.