
Introduction

Websites and web applications play a pivotal role in any organization. The Website Vulnerability Scan is an analysis conducted by our security experts on your web applications or websites. The process of finding vulnerabilities cannot be fully automated, so we go through every page of your web application or website and try various methods to identify vulnerabilities that attackers could use for monetary gain.

We deliver accurate and timely results. Our Website Vulnerability Scan lets you manage a prioritized list of the vulnerabilities identified in your website or web application, so that you have in-depth detail on every security loophole, however small. We also provide recommendations to ensure complete remediation.

Testing Areas Free Scan Full Scan
Fingerprint Web Server Software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check if the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)
Discover server configuration problems such as Directory Listing
Crawl website
Check for SQL Injection
Check for Cross-Site Scripting
Check for Local File Inclusion and Remote File Inclusion
Check for OS Command Injection
Check for outdated JavaScript libraries
Find administrative pages
Check for information disclosure issues
Attempt to find interesting files/functionality
Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words
Starting At: Free (Free Scan), ₹4,999/yr (Full Scan)

Warning: The Full Scan generates a high amount of noise in the network. Most correctly configured IDSs will detect this scan as attack traffic. Do not use it if you don’t have proper authorization from the target website owner.

Technical Details

About

The Website Vulnerability Scanner is a custom tool written by our team to quickly assess the security of a web application. It scans web applications for malware, vulnerabilities, and logical flaws. Web application vulnerability scanners use black-box tests: these tests do not require access to the source code but instead launch external attacks to test for security vulnerabilities. The Free Scan checks for basic vulnerabilities, while the Full Scan can only be used by paying customers.

Frequently Asked Questions

The Full version of the scanner includes all the tests from the Free Scan and adds more complex security tests. It first crawls the target application, then sends various inputs into the parameters of the pages and looks for specific web vulnerabilities such as SQL Injection, Cross-Site Scripting, Local File Inclusion, OS Command Injection and many more.

Yes, the scanner attempts to detect sensitive files on the server, such as backup files, old files, admin interfaces, archive files, etc.

While the Free Scan is passive and generates a maximum of 20 HTTP requests to the server, the Full Scan is more aggressive and sends up to 10,000 HTTP requests. This may trigger alarms from IDS devices, but you should know that it is not a destructive scan.

The Full Scan does a comprehensive website assessment, so it takes several hours to complete.