Vulnerability Scan

Hi everyone,

We set up our Heroku application with Cloudflare to serve traffic over HTTPS just like written in this article.

We will perform vulnerability scans for web servers on Heroku.
Is there anything wrong with using port scan tools (Nmap etc.) and Nessus (vulnerability scan tool)?

Best regards.

May I ask whether you will perform those scans over Cloudflare IP addresses (your domain being proxied via Cloudflare, DNS records being :orange: cloud) or over your origin IP address (DNS records being :grey: cloud)?

Agreed. Port Scanning Cloudflare is bad form. And I can’t imagine Heroku would appreciate it either. What you’re doing is penetration testing, and it’s highly inadvisable to do it without written permission of the entity you’re scanning.

From their Legal Notices page:

Because of the slight risk of crashes and because a few black hats like to use Nmap for reconnaissance prior to attacking systems, there are administrators who become upset and may complain when their system is scanned. Thus, it is often advisable to request permission before doing even a light scan of a network.

Thank you for your reply!

We created the domain in GoDaddy and set the custom name servers to Cloudflare.
In Cloudflare, we set DNS records to link the domain with the Heroku FQDN (〇〇.herokuapp.com/).

So I suppose this means the domain is being proxied via Cloudflare, DNS records being :orange: cloud.

Thank you for your reply.

I also asked Heroku support.
If it is not advisable, I will ask a security company to scan the Heroku FQDN (〇〇.herokuapp.com/).

And they said it was ok?

With permission from Heroku, I hope…because that server still belongs to Heroku.

Hi sdayman!

Here is Heroku's reply.

Coordinated penetration tests and network security scans are allowed on Heroku. We don’t require authorization of standard security and penetration tests. These tests should be low volume and not appear to be denial-of-service attacks.

So I will keep on preparing scans.
Thank you!