Vulnerability scan best practice

firewall

#1

Hi everyone,

Are there any good practices to achieve a vulnerability scan through Cloudflare with the WAF activated?

Should I scan the public IP by bypassing Cloudflare and whitelist my scanner on the server side? Or should I scan through Cloudflare and create a rule to allow the scan traffic from my scanner IP?

Thanks in advance


#2

Scan the origin IP address, because that’s the juiciest target.

Whitelist the scanner? Why would you purposefully open a hole in your security system to look for vulnerabilities?

For curiosity’s sake, I’d try all of the above to get a full picture, but give greater weight to the scans against your current configuration in its natural state.