If you've heard the phrase "external security scan" and wondered what it actually means — or whether your business needs one — this is for you.
No jargon. No assumptions about your technical background. Just a clear explanation of what these tools do, what they don't do, and whether they're relevant for a business like yours.
What is an external security scan?
An external security scan looks at your business from the internet — the same way a stranger with a laptop and a grudge would.
It starts with nothing but your domain name. It then systematically checks everything visible from the outside: your DNS configuration, your web servers, your SSL certificates, your email security, your subdomains, the software versions you're running, and dozens of other signals.
The key word is external. Unlike an internal scan, there's no agent installed on your servers. No credentials shared. No access to your internal network. The scanner behaves exactly like any other device on the internet — because that's how attackers behave too.
What does it actually check?
A good external scan covers several categories:
DNS and domain security — Can your domain be spoofed in emails? Are there forgotten subdomains that could be hijacked? Is your domain about to expire?
Email security — Are your SPF, DKIM, and DMARC records correctly configured? Can anyone impersonate your company in an email? Is your domain on any email blacklists?
Web application security — Can attackers inject malicious code into your pages? Are there SQL injection or XSS vulnerabilities? Do your pages send the correct security headers?
SSL/TLS configuration — Is your HTTPS using strong encryption? Are you accidentally allowing old, broken cipher suites?
Software and version detection — What software is running on your servers? Are any known vulnerabilities publicly documented for those versions?
Credential breaches — Have staff email addresses appeared in known data breaches?
Cloud and infrastructure — Are any cloud storage buckets accidentally public? Are there exposed admin panels or debug endpoints?
Kayvrn checks 57 different categories across all of these areas.
How is it different from a penetration test?
A penetration test is a manual, hands-on security assessment carried out by a human tester. They try to break in, using the same techniques as an attacker, and report what they found.
An external security scan is automated and continuous.
| External Scan | Penetration Test | |
|---|---|---|
| Cost | £0–£199/month | £3,000–£30,000 per engagement |
| Frequency | Weekly or daily | Annually, or for compliance |
| Depth | Broad coverage across known issues | Deep, creative, human-led testing |
| Time to first result | 20–30 minutes | 2–4 weeks |
| Best for | Continuous visibility and early warning | Compliance, complex systems, board reporting |
The two aren't alternatives — they're complementary. An external scan gives you continuous coverage for the vast majority of issues. A pentest gives you deep, creative testing for specific, complex systems.
For most small and medium businesses, an external scan addresses the actual risk profile they face: automated attacks against known vulnerability classes. A pentest is invaluable for regulated industries, pre-acquisition due diligence, or complex custom applications.
How is it different from a vulnerability scanner?
Traditional vulnerability scanners run internally — they're installed on your network and scan from the inside out. They're powerful but require setup, credentials, and ongoing management. They're also invisible to the attacker's perspective.
An external scan doesn't require installation or credentials. It adds the attacker's-eye-view that internal scanners miss: what can someone see before they've ever touched your systems?
Both have value. For most small businesses that don't have internal IT infrastructure teams, an external scan is the more practical starting point.
Who needs an external security scan?
The honest answer is: any business with a public-facing domain.
That includes:
- E-commerce businesses — you handle payment data and customer records
- SaaS products — your application is your product; its security is your brand
- Professional services firms — law firms, accountants, consultants handling confidential client data
- Healthcare businesses — patient data, appointment systems, prescription records
- Agencies and creative firms — client portals, content management systems, hosting reseller accounts
- Startups — moving fast often means security gaps accumulate faster than you notice
The businesses that most need external scanning are often the ones that assume they're too small to be targeted. Size doesn't determine targeting in automated attacks. Vulnerability does.
What happens after a scan?
A good scan produces a prioritised report. Not an incomprehensible list of CVE numbers, but a clear breakdown of:
FIX NOW — Critical findings that represent active risk. Examples: default credentials found on an admin panel, a subdomain that could be immediately hijacked, an email configuration that allows domain spoofing.
FIX SOON — High-severity findings that should be addressed in the next two to four weeks. Examples: missing security headers, software running with known vulnerabilities, CORS misconfiguration.
OBSERVATION — Informational findings and lower-severity issues to monitor. Examples: software version information visible, technology stack identifiable, no WAF detected.
Each finding comes with a plain-English explanation of the risk and specific steps to fix it — written for you or your developer to act on immediately.
Getting started
Running a scan takes less than two minutes. Enter your domain at app.kayvrn.com, click Run Scan, and receive a full report in under 30 minutes. The first scan is free — no credit card, no installation, no commitment.
The scan won't fix anything by itself. But it will tell you exactly what needs fixing, in what order, and why. That's the information most businesses are missing.