Embedded Files
Overview
Overview
The Website Security page is where you manage your website’s security and check for vulnerabilities that might put your organization at risk.
Accessing the Website Security Page
Accessing the Website Security Page
Go to app.maplegrc.com.
Log in with your account credentials.
From the homepage, navigate to the Website security page.
Before you begin
Before you begin
Your website will be automatically reflected on this page from the website link you entered when you created the company profile in MapleGRC.
Add your website
Add your website
Your website (entered when you created your MapleGRC profile) appears here automatically.
If you want to add a different website, add it manually.
On the Website Security page, click Add Your Website.
Enter a label — a friendly name to help you identify the site inside MapleGRC.
Click Save.
Assign an Owner
Assign an Owner
For each website, you can assign an owner—the person responsible for managing the site (either someone from your IT team or a vendor).
Click Add Owner.
A list of all team members/users will appear.
Choose the owner, then click Save.
Scan your Website
Scan your Website
Click New Scan.
MapleGRC supports multiple scanners (e.g., OpenVAS, OWASP ZAP, and more).
For CyberSecure Canada compliance, select OWASP ZAP, then click Run Scan.
You’ll see the scan progress on screen; scans typically complete in ~10–20 minutes.
The website owner also receives an email notification when the scan is done.
After the Scan Completes
After the Scan Completes
Once the scan is finished, a record is created in the table, showing:
The scan name and details
The number of vulnerabilities detected in each category (High, Medium, Low)
The date of the scan
You can add notes (e.g., mark false positives) to keep your record clean and auditable.
You can click View Vulnerabilities to see all findings in detail.
For a comprehensive view, click Download Report to generate a full PDF that includes:
A complete list of detected vulnerabilities
Recommended solutions for each issue
Documentation suitable for records, auditors, or sharing with your vendor/IT team
How This Page Works
How This Page Works
Click the How This Page button to watch a short demo video that walks you through the page step by step.
Why Website Security Matters
Why Website Security Matters
Under CyberSecure Canada – Section 6.3, organizations are required to address the OWASP Top 10 vulnerabilities on their websites.
By running regular OWASP ZAP scans and fixing issues found, you’re directly meeting this requirement and reducing exposure to common web risks.
Monitoring your website for vulnerabilities helps ensure your website stays secure and your organization remains compliant.
Page updated
Report abuse