Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

All about Symantec Vulnerability Assessment

What is a Web site vulnerability?

A vulnerability is a potential entry point through which a Web site’s functionality or data can be damaged, downloaded, or manipulated. A typical Web site (even the simplest blog) may have thousands of potential vulnerabilities.

What is vulnerability assessment?

Free with the purchase of every Extended Validation or Pro SSL Certificate, vulnerability assessment helps you quickly identify and take action against the most exploitable weaknesses on your Web site.

Vulnerability assessment includes:

  • An automatic weekly scan for vulnerabilities on public-facing Web pages, Web-based applications, server software and network ports.
  • An actionable report that identifies both critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
  • An option to rescan your Web site to help confirm that vulnerabilities have been fixed.

Which SSL Certificates include vulnerability assessment?

Vulnerability assessment is included with Symantec Secure Site Pro with EV, Secure Site with EV, and Secure Site Pro SSL Certificates. To activate vulnerability assessment for any of these SSL Certificates, customers have to send an email to our support team at or to phone to +33 2 76 30 59 02. Symantec Secure Site SSL Certificates do not include vulnerability assessment and it is not available for individual purchase.

What is the cost for the product?

There is no cost for this additional feature. It is included with the purchase of any Secure Site Pro product as well as any Symantec Extended Validation SSL product.

Is this feature available to purchase as a separate service?

At this time, we do not have an option to buy this service as a separate product.

How do I activate this feature?

Request its activation to our support team by phone at +33 2 76 30 59 02 or by email on

I have multiple Web sites, will the same assessment apply to all of them?

Yes, but you will need to ensure that they have a Secure Site Pro or Extended Validation SSL Certificate in place on those domains as well.

How does Symantec help keep my site visitors safe?

  • SSL encryption protects online transactions and keeps data confidential in transmission.
  • Vulnerability assessment identifies weaknesses on your Web site that are most commonly used for attack.
  • Malware scanning alerts you if your Web site is infected with malicious software.
  • The combination of SSL encryption, vulnerability assessment and Web site malware scanning helps you provide site visitors with a safer online experience and extend security beyond https to your public-facing Web pages.

How does Symantec help me avoid being blacklisted by search engines?

Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any Web site found with malware. By using vulnerability assessment to identify exploitable weaknesses and taking corrective action, you may reduce the risk of hackers finding your site and attacking it. With daily Web site malware scanning, you have an early warning system if an attack occurs. Symantec includes both services for free with every Extended Validation or Pro SSL Certificate. Daily Web site malware scanning is included with every Secure Site SSL Certificate.

How does vulnerability assessment help companies manage security?

Symantec offers a vulnerability scan that is designed to detect the entry points most frequently used for the most common attacks. The vulnerability report categorizes vulnerabilities based on type and risk and proposes corrective actions. This combination helps businesses quickly identify and remediate critical vulnerabilities, making it easier to secure your Web site. Vulnerability scans that have not been fine tuned may generate volumes of unneeded data about low priority vulnerabilities, obscuring the essential security measures that need to be taken immediately.

What are the most common types of attack?

SQL injection is used by hackers to gain access to your database. Cross-site scripting lets a hacker add code to your Web site to execute tasks. A few simple steps can protect against these common attacks if you know where the weaknesses are on your Web site.

Does the Symantec Safe Site change when vulnerabilities are detected?

No. A detected vulnerability does not affect the appearance of your trust mark. Vulnerabilities are not threats, they are entry points that may be exploited. The Norton Secured Seal changes appearance when malware is detected and visitors may be at risk. By not connecting your seal to vulnerability scanning results, Symantec helps you maintain trust in your Web site and allows you to fix vulnerabilities on your own schedule.

Is the scan invasive to my site? Will it impact site performance?

Vulnerability assessment is designed to be noninvasive, and your customers will not see any impact in site performance or page-loading times.

What if I already have vulnerability scanning?

Vulnerability assessment does not replace PCI-compliant vulnerability scans. The free service complements existing protection with an automatic weekly scan and an easy-to-read report of the most critical vulnerabilities. Provided with your SSL Certificate, vulnerability assessment can be combined with other scans to provide additional information to help decide how to take action.

Can I customize my scan?

Vulnerability assessment is designed to provide essential information without a complex set up or extensive management. You may change notifications and activate or deactivate starting points if you have multiple SSL Certificates with different fully qualified domain names.