This information is for service providers, such as web hosting companies and companies providing hosting for CMS systems and companies providing cloud services and SaaS.
What is Holm Security VMP?
Holm Security provides a platform for vulnerability assessment called Holm Security VMP. The platform performs network and web application security scanning to find vulnerabilities. The testing is performed using large number of different techniques to identify mainly badly configured systems, outdated software with vulnerabilities and security issues in web applications like the ones within OWASP top 10.
Read more about OWASP top 10 here:
Why do vulnerability assessment?
Performing vulnerability assessment helps our customers to maintain a high security to avoid being hacked and to comply with rules and regulations such as e.g. GDPR (General Data Regulation Regulation) and NIS (Network and Information Security). Even if most providers have a high level of security, it’s still the customer that suffers from security breaches, accordingly they need to verify the security.
What impact will scanning have on our systems?
The impact is minimal. Holm Security VMP is designed to minimize the network bandwidth it uses, so that impact on network traffic load is minimal. If a scan detects that the device performance is bad or deteriorates during a scan, it will adapt dynamically and reduce the scan intensity and speed.
Consider that all your public systems are constantly exposed to hackers, so Holm Security VMP’s tests doesn’t actually differ from what your exposed to already today.
What are the benefits for me as a provider?
The benefits for you as a provider is that you get extra security testing of your services, that will improve security for the customer and maybe other customers as well.
How do I admit the customer to perform scanning?
Holm Security recommend that you send an email to the customer with the following phrase to confirm that they are allowed to perform scans from Holm Security VMP. Please send a copy to firstname.lastname@example.org.
We hereby confirm that we allow <name organization> to perform vulnerability assessment scanning using Holm Security VMP, for the following IP/IP ranges and web applications/websites:
<specify each IP/IP range and web application/website>
Vi bekräftar härmed att vi tillåter sårbarhetsskanning med Holm Security VMP av följande IP-nummer/IP-nät och webbapplikationer/webbplatser:
<specificera varje IP-nummer/IP-nät och webbapplikation/webbplats>