In the Security Center console, you can view the security status and security reports of your websites on the Assets page. In addition, you can run security checks on your websites. This topic describes how to view the security status of assets that are associated with your websites and security reports of your websites.

View the security status of associated assets and the number of alerts

The Assets page displays security information about each website protected by Security Center, such as the root domain, subdomain, risk status of associated assets, and number of alerts. The following procedure describes how to view the security status of associated assets and the number of alerts.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Assets.
  3. On the Assets page, click the Website tab.
  4. On the Website tab, view the information about each website protected by Security Center.
    You can perform the following operations:
    • View root websites and associated assets
      You can click Root website to view information about all root websites, including Website Name and IP.All root websites
    • View subdomains and associated assets
      You can click Subdomain to view information about all subdomains, including Website Name and IP.All subdomains
  5. Optional:View the security status of associated assets and the number of alerts.
    On the Root website or Subdomain tab, click a name in the Website Name column or View in the Actions column to view the details of a website.The website list
    • You can view Domain, Root domain name, Risk Status, and Related Assets of a website. The Related Assets section provides Asset name/IP, Type, Server Vulnerabilities, and Alerts.
    • You can click the name of an asset to go to the details page. On the Basic Information tab, you can view Risk State of the asset. For more information, see View the details of an asset.Risks
    • You can click a number in the Server Vulnerabilities or Alerts column to view the details. For more information about how to handle vulnerabilities, see Overview. For more information about how to handle alerts, see View and handle alert events. Alerts

View website security reports

Security Center supports security checks for your websites and provides security reports based on the check results. The following procedure describes how to view a website security report.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Assets.
  3. On the Assets page, click the Website tab.
  4. In the Security Check section, click Security Check.
  5. On the Website Security Report page, view security suggestions and statistics, which include the numbers of risky websites, alerts, and vulnerabilities.
    You can view the following information:
    • Overview
      In the Overview section, you can view the security score and the numbers of domains, risky websites, alerts, and vulnerabilities. Security Center calculates security scores based on the security status of websites. For more information about scoring, see Penalty points for website security scoring. The following list describes the security scores to which each color corresponds:
      • Green: 90 to 100 points. If the security score is displayed in green, your websites are in good security condition.
      • Yellow: 70 to 89 points. If the security score is displayed in yellow, your websites have security risks. We recommend that you handle the risks based on the suggestions displayed on the page.
      • Red: 10 to 69 points. If the security score is displayed in red, your websites have a large number of security risks and are vulnerable to attacks. We recommend that you reinforce the security of your websites at the earliest opportunity.
    • Risky Websites (TOP5)

      In the Risky Websites (TOP5) section, you can view a list of risky websites. The list provides website details, including the domains, SSL certificate configuration status, number of vulnerabilities, and number of alerts.

      SSL certificates help encrypt website data by using HTTPS, which prevents data theft. If your website is not configured with SSL certificates, click configure.

      If you want to handle the risks of a specific domain, click Processing in the Operation column. On the details page that appears, you can view the basic information about the domain, including the risk status and associated assets. In the Related Assets section, click a number in the Server Vulnerabilities or Alerts column. On the Vulnerabilities or Alerts page of the asset, fix the vulnerabilities or clear the alerts. For more information about how to fix vulnerabilities, see View and handle Web-CMS vulnerabilities and View and handle application vulnerabilities. For more information about how to clear alerts, see Handle alert events.

    • Alerts

      In the Alerts section, you can view the alerts generated on your website servers. You can view the alert names, risk levels, affected assets, and the last time when alerts were generated. If you want to handle a specific alert, click Processing in the Operation column. On the Alerts page, handle the alert as required. For more information, see Handle alert events.

    • Vulnerabilities

      In the Application vulnerability risks (top 5) and WebCMS Vul (TOP5) sections, you can view the lists of vulnerabilities detected on your website servers. The lists provide vulnerability announcements, risk levels, and affected assets. If you want to handle a specific vulnerability, click Repair in the Operation column. On the Vulnerabilities page, handle the vulnerability as required. For more information, see Overview.

    • Suggestions

      In the Suggestions section, you can view the security suggestions provided by Security Center based on the check results. When you receive a suggestion, such as We recommend that you enable tamper protection to prevent malicious modification and avoid unnecessary losses, click Processing. On the Tamper Protection page, you can enable tamper protection for your servers.

Penalty points for website security scoring

Cause Penalty point Upper limit of penalty points
Security alerts are generated. 5 points for each security alert A total of 30 points for all security alerts
Security vulnerabilities exist. 5 points for each security vulnerability A total of 40 points for all security vulnerabilities
Domains are not configured with SSL certificates. 5 points for each domain A total of 20 points for all domains