Pre-Scan Checklist

Scan is designed to be super-easy to use, but there are some important points to note before running your first scan.

Our IP addresses

First up, all vulnerability scans will be run from the following IP address:

You may want to whitelist this IP address in any intrusion detection/prevention systems you have in front of the target host.

Do you need permission from a 3rd party or parties to run Scan?

These days, the major cloud service providers (AWS, Azure, Google Cloud) do not require you to obtain advance permission to run Scan on their infrastructure.

For other providers (RackSpace, DigitalOcean etc), or for dedicated or co-located hosting providers, it's best to check with your provider BEFORE carrying out your first scan, and obtaining written permission if you do.

Do you have the authority to run vulnerability scans against your infrastructure?

Are you the correct person in your organisation to provide authority to run vulnerability scans against your infrastructure? If you're not sure, it's best to ask a colleague in a senior technical role.

If you're an admin on the OnSecurity platform, you can also invite colleagues to the platform from the administration menu here