After the scan

What should I do when the scan result is unsafe?

We will ask you to resolve all high risk vulnerabilities as soon as possible. Please keep in mind that hackers will not ignore the rest. After resolving the issues you can request a rescan. If you are a member of Thuiswinkel this is required to pass the certification. You can send your rescan request to support@forus-p.com.

Do I have to resolve all vulnerabilities?

High risk vulnerabilities need to be fixed as soon as possible. This is mandatory for Thuiswinkel certification. To increase the security of your website, we also recommend solving any medium and low risks.

Why did I receive so many emails (or orders) and what can I do to prevent this?

During the scan our scanner will try to fill out all forms (including order forms). This test can cause an extreme amount of email traffic. This means your website allows this without limitation. And if we can cause this much traffic, so can someone else!

To prevent these so called “mail bombs” you can take the following precautions before the scan takes place:

Any emails/orders from the email address “veiligheidsscan@forus-p.nl” can be deleted or blocked on your mail server, for instance by blacklisting this email address.
We recommend placing additional security on all available forms. Google reCaptcha is the most commonly used solution for this.

I received the report, but can I get a password?

You will receive an email from qualys@qualys.net with a download link to your secured report. For security reasons we will send the personal password in a separate email. If you haven’t received our email, please first check your spam. No password? Email us at support@forus-p.com for help.

My password isn’t working. Why can’t I open the report?

For security reasons, the reports can only be downloaded for 7 days. You can request a new report by sending an email to support@forus-p.com.

Can I use the ForusP Secure logo on my website?

With a secure website you can place our ForusP Secure logo on your website, but only if your website is scanned by us at least once a month and identified vulnerabilities are resolved within 30 days. Our secure logo can inspire more trust among your (potential) customers and achieve a higher conversion rate. Detailed information can be found on: https://forus-p.com/en/secure-logo.

Why are vulnerabilities found in this scan and not in the previous one?

If the previous scan was a while ago, it could happen that a new scan reports new issues. This may be because changes have been made in the meantime, for example by updating a plugin. Hackers are also continuously developing new ways to attack websites. These new vulnerabilities are regularly added to our scanner.

Is a rescan necessary after solving vulnerabilities or can we check it ourselves?

Yes the website must be scanned again. New vulnerabilities may have emerged in the meantime. If we do not run the scan again, we will never be able to give a safe result.