Vulnerability scan best pratice

Hi everyone,

Are there any good practices to achieved vulnerability scan through Cloudflare with the WAF activated?

Should I scan the public IP by bypassing Cloudflare and whitelist my scanner on the server side? Or should I scan through Cloudflare and create a rule to allow the scan traffic from my scanner IP?

Thank in advance

Scan the origin IP address, because that’s the juiciest target.

Whitelist the scanner? Why would you purposefully open a hole in your security system to look for vulnerabilities?

For curiosity’s sake, I’d try all of the above to get a full picture, but give greater weight to the scans against your current configuration in its natural state.

This topic was automatically closed after 30 days. New replies are no longer allowed.