Vulnerability Assessment FAQ
- What is a website vulnerability?
- What is vulnerability assessment?
- How do Symantec SSL Certificates help keep my site visitors safe?
- How does Symantec help me avoid being blacklisted by search engines?
- How do vulnerability assessments help companies manage security?
- What are the most common types of attack?
- Does the Norton Secured Seal change when vulnerabilities are detected?
- What if I already have vulnerability scanning?
- Can I customize my scan?
- Which SSL certificates include vulnerability assessment?
What is a website vulnerability?
A vulnerability is a potential entry point through which a website’s functionality or data can be damaged, downloaded, or manipulated. A typical website (even the simplest blog) may have thousands of potential vulnerabilities.
What is vulnerability assessment?
Free with the purchase of every Extended Validation or Pro SSL Certificate (compare SSL Certificates), vulnerability assessment helps you quickly identify and take action against the most exploitable weaknesses on your website. Vulnerability assessment includes:
- An automatic weekly scan for vulnerabilities on public-facing web pages, web-based applications, server software and network ports.
- An actionable report that identifies both critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
- An option to rescan your website to help confirm that vulnerabilities have been fixed.
How do Symantec SSL Certificates help keep my site visitors safe?
- SSL encryption protects online transactions and keeps data confidential in transmission.
- Vulnerability assessment identifies weaknesses on your website that are most commonly used for attack.
- Malware scanning alerts you if your website is infected with malicious software.
The combination of SSL encryption, vulnerability assessment and website malware scanning helps you provide site visitors with a safer online experience and extend security beyond https to your public-facing web pages.
How does Symantec help me avoid being blacklisted by search engines?
Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any website found with malware. By using vulnerability assessment to identify exploitable weaknesses and taking corrective action, you may reduce the risk of hackers finding your site and attacking it. With daily website malware scanning, you have an early warning system if an attack occurs. Symantec includes both services for free with every Extended Validation or Pro SSL Certificate (compare SSL Certificates). Daily website malware scanning is included with every Secure Site SSL Certificate.
How do vulnerability assessments help companies manage security?
The Symantec vulnerability scan is designed to detect the entry points most frequently used for the most common attacks. The vulnerability report categorizes vulnerabilities based on type and risk and proposes corrective actions. This combination helps businesses quickly identify and remediate critical vulnerabilities, making it easier to secure your website. Vulnerability scans that have not been fine tuned may generate volumes of unneeded data about low priority vulnerabilities, obscuring the essential security measures that need to be taken immediately.
What are the most common types of attack?
SQL injection is used by hackers to gain access to your database. Cross-site scripting lets a hacker add code to your website to execute tasks. A few simple steps can protect against these common attacks if you know where the weaknesses are on your website.
Does the Norton Secured Seal change when vulnerabilities are detected?
No. A detected vulnerability does not affect the appearance of your trust mark. Vulnerabilities are not threats, they are entry points that may be exploited. By not connecting your seal to vulnerability scanning results, we help you maintain trust in your website and allow you to fix vulnerabilities on your own schedule.
What if I already have vulnerability scanning?
Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic weekly scan and an easy-to-read report of the most critical vulnerabilities. Free with your SSL certificate, vulnerability assessment can be combined with other scans to provide additional information to help decide how to take action.
Can I customize my scan?
Vulnerability assessment is designed to provide essential information without a complex set up or extensive management. You may change notifications and activate or deactivate starting points if you have multiple SSL certificates with different fully qualified domain names.
Which SSL certificates include vulnerability assessment?
Vulnerability assessment is included with Symantec Secure Site Pro with EV, Secure Site with EV, and Secure Site Pro SSL Certificates. Existing customers may activate vulnerability assessment for any of these SSL certificates by signing in to the Symantec Trust Center. New customers may activate the service after they complete their purchase.
Symantec Secure Site SSL Certificates do not include vulnerability assessment and it is not available for individual purchase. To add vulnerability assessment to your service, consider an upgrade.
Malware Scanning FAQ
- What is malware?
- How can I prevent my site from becoming a target for malware?
- How do I know if my website is free of malware?
- What does the service scan?
- What happens if malware is detected on my website?
- When does the scanning service begin?
- Do I have to activate malware scanning for every SSL certificate?
- Can I customize the website malware scan?
- Does this replace my enterprise scanning solution?
- What does blacklisted mean?
- How can I protect my site from malware?
What is malware?
Malware is short for malicious software and also known as malicious code. Hackers exploit security weaknesses on your server to gain access to your website and install malicious code. They use your website to spread viruses, hijack computers and steal sensitive data such as credit card numbers or other personal information. Malware code is not easily detected and may infect your customers’ computers when they visit your website.
How can I prevent my site from becoming a target for malware?
A typical website (even the simplest blog) may have thousands of potential vulnerabilities. By using vulnerability assessment to identify the most critical vulnerabilities for correction, you may reduce the risk of hackers finding your site and attacking it. Symantec SSL Certificates include daily scans for website malware and automatic weekly scans that look for vulnerabilities that hackers most commonly exploit. (Compare SSL Certificates for details).
How do I know if my website is free of malware?
Malicious code is hidden in the source code of your website and can be difficult to detect without line-by-line analysis. Some malware is activated by the display of a page and may not be detected without behavioral analysis of your code using a browser simulator. When you protect your website with a Symantec SSL Certificate, we include a free daily malware scanning service for your public web pages. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem. Once you have deleted all instances of the code, you can request that your site be rescanned within 24 hours.
What does the service scan?
The daily website malware scanning service scans the website code located at the hostname used in the SSL certificate, including javascript and iframes. The service completes a static analysis of website code as well as behavioral analysis through a browser simulation to find code that may be activated by display of a page. The service does not scan every web page on your website, but reviews an optimal number of pages to identify malicious activity. It does not scan your network or search for malware on internal desktop computers or scan attachments or internal web pages that require sign-in.
What happens if malware is detected on my website?
If malware is discovered, you receive an email alert warning you of the malware infection with instructions to access the scan results within your Symantec Trust Center account or your Symantec Managed PKI for SSL console. The Website Security Services tab shows a list of infected pages and the code causing the problem. You or your website administrator can find and delete all instances of the malware and request that your site be rescanned within 24 hours.
When does the scanning service begin?
The website malware scanning service is activated automatically when your business has been authenticated. There is nothing to download or install for you or your customers. If you decide that you do not want your website protected by a daily website malware scan, simply sign in to the Symantec Trust Center or Symantec Managed PKI for SSL Console to deactivate scanning.
Do I have to activate malware scanning for every SSL certificate?
Scanning occurs by hostname. You may have many servers, each one secured by a unique SSL certificate and all of them providing content to a single hostname. The scan is of the HTML pages located at the hostname, not the servers themselves. As long as you have one active SSL certificate with the hostname, malware scanning is activated. If you decide that you do not want your website protected by a daily malware scan, simply sign in to the Symantec Trust Center or Symantec Managed PKI for SSL Console to deactivate scanning of the hostname.
Can I customize the website malware scan?
Malware scanning may be turned on or off by signing in to your Symantec Trust Center account and clicking the Malware tab or signing in to your Symantec Managed PKI for SSL console. Specific pages or sections of your website cannot be targeted.
Does this replace my enterprise scanning solution?
No. Symantec's website malware scan is designed to provide additional assurance to business owners and their customers that the site is regularly checked for malicious code. Traditional anti-malware software focuses on the end point: the desktop. Most enterprise scanning solutions are designed to protect employees from downloading or installing malware rather than protecting the company’s website from distributing malware.
What does blacklisted mean?
Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any site found with malware. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click through. In addition, anti-virus plug-ins to popular browsers can detect malware and block access to infected sites.
How can I protect my site from malware?
Like most thieves, malware hackers look for easy targets, such as a website where malware will go undetected for as long as possible. Posting the Norton Secured Seal on your website is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.
Norton Secured Seal FAQ
- What is the Norton Secured Seal?
- Why is Norton the brand name used in the Norton Secured Seal?
- How do I add the Norton Secured Seal to my website?
- Where should I display the Norton Secured Seal on my website?
- Can I customize the Norton Secured Seal?
- Why is it important to display the Norton Secured Seal on my website?
- Can the Norton Secured Seal help increase my online sales?
- Can the Norton Secured Seal help increase traffic from search engines?
- How soon will the Norton Secured Seal display on my site?
- Why should I install the animated (Flash) version of the Norton Secured Seal?
- Why isn't there a time and date stamp or organization name on the Norton Secured Seal?
- What should I do if I discover misuse of a seal?
What is the Norton Secured Seal?
The Norton Secured Seal is a dynamic, animated graphic that displays on websites secured by Symantec SSL Certificates and websites authenticated by Symantec. When users click the Norton Secured Seal, a verification page opens containing information about your organization, the status of your malware scan, and SSL Certificate details (if you are an SSL customer).
In April 2012, VeriSign seals automatically updated to the Norton Secured Seal. The VeriSign Checkmark, part of the most recognized trust mark on the Internet, will be combined with the leading name in personal technology protection, Norton, and become the Norton Secured Seal. After the update, the Norton Secured Seal will be displayed over half a billion times per day on websites in 170 countries.
Why is the Norton brand name used in the Norton Secured Seal?
In August 2010, Symantec purchased VeriSign Authentication Services, including VeriSign SSL Certificates and the VeriSign seal. As part of the transition, the trust mark will become part of the Symantec product family. The checkmark will stay the same and the seal will say "Norton Secured, powered by VeriSign". Symantec’s Norton brand is extremely well known to consumers, and these consumers look for the Norton Secured Seal on Web sites just like yours. In recent tests, 77% of consumers recognize the Norton Secured Seal with the check, more than any of our competitors' trust seals (Symantec Consumer Research, January 2011).
How do I add the Norton Secured Seal to my website?
1. Purchase and install a Symantec SSL Certificate.
2. Go to the Norton Secured Seal Installation Agreement.
3. Create your seal script.
4. Copy and paste it onto your web pages.
5. Check your web pages to make sure the Norton Secured Seal displays correctly.
Where should I display the Norton Secured Seal on my website?
Symantec recommends that you insert the seal where site visitors look for proof of security and authenticity:
- Your home page
- The footer of interior pages
- Shopping cart and checkout pages
- Pre-payment pages
- Log-in screens and on secure application pages
- On pages that display security or privacy policy information
- Next to checkout or submit buttons
Can I customize the Norton Secured Seal?
The Norton Secured Seal is displayed over half a billion times per day on websites in 170 countries. To maintain the value of trust in the seal and to comply with the terms and conditions of the license agreement, you should not modify the seal in any way.
The Norton Secured Seal is available:
- in three sizes: small (100x72p), medium (115x82p) and large (130x88p)
- in 13 languages
- as an animated graphic (Flash)
- as a static image (GIF)
Why is it important to display the Norton Secured Seal on my website?
The Norton Secured Seal is an indispensable tool in your effort to improve your customers' perception of safety and trust when they do business online. Displaying the seal on your website can help reassure visitors. In a recent study, 77% of consumers recognized the Norton Secured Seal in tests, more than any of our competitor’s trust marks (Source: Symantec U.S. Consumer Research, Jan. 2011). When consumers feel secure, they are more likely to convert from visitors to customers and less likely to abandon their shopping cart.
Can the Norton Secured Seal help increase online sales?
To maximize click through to your shopping cart, show customers that they can trust the link, trust the site, and trust the transaction with the Norton Secured Seal present at all stages of the purchase process. In recent tests, 94% of respondents were likely to continue an online purchase when they viewed the Norton Secured Seal during the checkout process, more than any of our competitor’s trust marks. (U.S. Online Consumer Study, February 2011)
Can the Norton Secured Seal help increase traffic from search engines?
One of your biggest challenges as an online business is standing out in search so that potential visitors click on your link. The Norton Secured Seal is displayed through Symantec Seal-in-Search, a feature that automatically displays the Norton Secured Seal next to your link in search results on enabled browsers. Norton Safe Web now displays the Norton Secured Seal next to website links protected by Symantec SSL Certificates. Additionally, the Norton Secured Seal demonstrates that you have passed a daily website malware scan which helps mitigate the risk of becoming blacklisted by search engines or blocked by anti-virus browser plug-ins that detect malware.
How soon will the Norton Secured Seal display on my site?
Installing the Norton Secured Seal takes just a few minutes. Once the pages are published, your SSL Certificate has been authenticated, and your website has passed a malware scan, the seal may take up to 2 hours to display. If this is the first time you've installed the seal using a particular common name, please allow up to 24 hours for the seal to display.
Why should I install the animated (Flash) version of the Norton Secured Seal?
Flash content animates the seal, making it more visible to site visitors and more valuable to you. If your website does not support Flash content, you can select a non-Flash version of the seal during the installation process.
Why isn't there a time and date stamp or organization name on the Norton Secured Seal?
Symantec conducted extensive market testing of trust marks with close to 1,000 participants across four continents. We determined that website visitors prefer a clean, simple seal design with maximum recognition. Date, time, organization name and additional trust and security information appear on the seal's verification page.
What should I do if I discover misuse of a seal?
Symantec actively monitors for misuse of seals. If you encounter a seal that is used incorrectly, please report it to Symantec via the Report Seal Misuse form.
Misuse might include:
- A site that does not employ an appropriate Symantec security solution
- Mismatched information on the seal's verification page
- Missing information pop-up when the seal is clicked
- A modified seal
- A seal used in phishing or illegal activities
Note: Symantec is not responsible for content on a website on which a Norton Secured Seal is displayed.
10 Tips for Managing Multiple Servers
If you exchange secure information between web servers and clients, facilitate server-to-server connections, or support server load balancing or SSL acceleration, you are managing cross-network security for multiple servers. These 10 tips will help you save time and money without sacrificing the trust of your customers.
1. Choose a management tool with a single point of control.
Managing enrollment, issuance, and renewals of certificates one-by-one is tedious and time-consuming. Symantec offers several options for managing multiple SSL certificates from a single, web-based console.
- Symantec Trust Center is designed for administrators who purchase SSL certificates one at a time and want to centralize management, purchasing, and backups.
- Symantec Trust Center Enterprise Account for customers who purchase 10 or more SSL certificates, includes additional reporting, delegated administration and instant issuance.
- Symantec Managed PKI for SSL provides a comprehensive solution for purchasing a large number of certificates for issuance by multiple administrators to different organizations or business units.
2. Look for instant issuance with high-quality authentication.
Symantec offers different levels of control, depending on your organizational needs. With Symantec Trust Center Enterprise Account, you can pre-approve domain, organizational and contact information to streamline issuance.
With Managed PKI for SSL, Symantec authenticates the primary administrator who pre-purchases Symantec SSL Certificates for instant issuance. Administrators can be assigned organizations as well as roles and privileges to manage security, account configuration or certificates.
3. Take advantage of volume pricing.
If you purchase more than 10 SSL certificates, you can save time and money by bundling your separate SSL purchases into one transaction with volume discounts. Units can be redeemed throughout the year to issue SSL certificates when you need them. Each certificate's validity period begins when it is issued by the administrator. And all certificates can be managed from your Symantec Trust Center Enterprise Account. Volume pricing is also available through Managed PKI for SSL.
4. Take advantage of a longer validity period.
Reduce your management time by choosing a multi-year certificate whenever possible. When you purchase multiple certificates through Symantec Trust Center Enterprise Account or Managed PKI for SSL, you receive expiry notification alerts and can generate reports based on expiration date in 30, 60, or 90 days.
5. Issue a unique certificate for each server.
To ensure a common, high-level standard of security across all types of configurations, Symantec recommends that you do not share or copy certificates among servers. To support redundant server backups, server load balancing, or SSL acceleration, Symantec offers a licensing option for certificates.
6. Maximize customer confidence with a verifiable trust mark.
Concerns about identity theft and browser warnings erode consumer confidence, even on secured pages. The best way to communicate security and instill trust is to display the Norton Secured Seal, the most trusted mark on the Internet.¹ Our SSL certificates, the Norton Secured Seal, Symantec Seal-in-Search technology, and daily website malware scanning work together to help assure your customers that your site is safe from search to browse to buy.
7. Customize enrollment pages to streamline processing.
If you have several administrators managing SSL certificates for multiple business units, Managed PKI for SSL enables administrators to customize enrollment pages for instant issuance and generate email alerts to appropriate sub-administrators. The web-based portal offers a single point for quick response to requests for all your Symantec certificates across your enterprise.
8. Choose the strongest possible SSL certificates.
Standard SSL certificates enable a minimum of 40-bit and up to 256-bit SSL encryption. Certain older browsers and operating systems (for a complete list go to SGC: Strongest SSL Encryption) will achieve only 40- or 56-bit encryption unless there is a Server Gated Cryptography (SGC)-enabled certificate on the server. Symantec is the leading SSL provider of SGC-enabled SSL certificates, enabling 128-bit minimum to 256-bit encryption for over 99.9% of Internet users.
9. Purchase certificates from a trusted, experienced SSL provider.
The Symantec certificate validation infrastructure has experienced 100% uptime since 2004. Ninety-three of the 100 largest financial institutions worldwide are secured by Symantec SSL.² They trust our encryption technology and rigorous business authentication practices. When you protect your site with a Symantec SSL Certificate and display the Norton Secured Seal, your customers know that their transactions are secure.
10. Protect your reputation and improve your online business.
When your company protects the confidentiality and integrity of sensitive information with SSL from Symantec, a leading certificate authority and the most recognized trust mark on the Internet, your business benefits and so does your reputation.¹ And you gain peace of mind knowing that your website is secured.
¹ In a U.S. online consumer study, 77% of consumers recognized the Norton Secured Seal, more than our competitors' trust seals, even before it was released publicly. Study conducted January 2011.
² Includes Symantec subsidiaries, affiliates, and resellers.





