vulnerability scanner

Introduction

Websites and web applications play a pivotal role in any organization. The Website Vulnerability Scan is an analysis conducted by our security experts on your web applications or websites. Finding vulnerabilities cannot be fully automated, so we go through every page of your web application or website and try various methods to identify the weaknesses an attacker could use for monetary gain.

We deliver accurate and timely results. The Website Vulnerability Scan gives you a prioritized list of the vulnerabilities identified in your website or web application, with detail on every security loophole found. We also provide recommendations to ensure complete remediation.

Free Sample

The free version of the Website Vulnerability Scanner performs a passive web security scan to detect issues such as insecure HTTP headers, insecure cookie settings and a few others (see the complete list of tests below).

We recommend doing a Full Scan for a comprehensive website assessment which includes detection of SQL Injection, XSS, Local File Inclusion, OS Command Injection and more.

Full Scan

Testing Areas (Free Scan and Full Scan)
Website Fingerprinting
Version-based Vulnerability Detection
Common Configuration Issues
SQL Injection
Cross-Site Scripting
Local/Remote File Inclusion
Remote Command Execution
Discovery of Sensitive Files
Starting at: Free Scan is free; Full Scan from ₹4,999

Technical Details

About

The Website Vulnerability Scanner is a custom tool written by our team in order to quickly assess the security of a web application. It is a full-blown web application scanner, capable of performing comprehensive security assessments against any type of web application.

The Free Scan checks for basic vulnerabilities, while the Full Scan is available only to paying customers. Here is the complete list of tests performed by this vulnerability scanner and the difference between the Free and Full scans.

List of tests performed

Testing Areas (Free Scan and Full Scan)
Fingerprint web server software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check whether the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access policy file (clientaccesspolicy.xml, crossdomain.xml) exists and whether it contains a wildcard entry
Discover server configuration problems such as directory listing
Crawl the website
Check for SQL Injection
Check for Cross-Site Scripting
Check for Local File Inclusion and Remote File Inclusion
Check for OS Command Injection
Check for outdated JavaScript libraries
Find administrative pages
Check for information disclosure issues
Attempt to find interesting files and functionality
Check for sensitive files (archives, backups, certificates, key stores) based on the hostname and some common words
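As an added example (not the vendor's scanner code), the following Python script performs the kind of passive checks listed above, the same checks the Free Scan description calls out: it parses a constructed HTTP response, flags missing security headers and version-disclosing Server/X-Powered-By headers, reports cookies set without Secure, HttpOnly or SameSite, and checks a constructed crossdomain.xml for a wildcard grant (clientaccesspolicy.xml's <domain uri="*"> is handled the same way). The sample response, the cookie names and the list of expected headers are assumptions made for illustration; the script runs offline and contacts no server.

```python
import re
import xml.etree.ElementTree as ET  # for real targets prefer defusedxml
from typing import List, Tuple

# Constructed sample response and policy file (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Set-Cookie: theme=dark; path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)
SAMPLE_CROSSDOMAIN = (
    '<?xml version="1.0"?>'
    "<cross-domain-policy>"
    '<allow-access-from domain="*" />'
    "</cross-domain-policy>"
)

# Headers whose absence the passive check reports (names lower-cased).
EXPECTED_HEADERS = {
    "strict-transport-security": "HSTS not set, browsers will still accept plain HTTP",
    "content-security-policy": "no CSP, the impact of any XSS is unconstrained",
    "x-content-type-options": "MIME sniffing is not disabled",
    "x-frame-options": "no clickjacking protection (or use CSP frame-ancestors)",
}


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP/1.1 response into its status line and (name, value) headers."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def check_headers(headers: List[Tuple[str, str]]) -> List[str]:
    present = {name for name, _ in headers}
    findings = [f"missing {h}: {why}" for h, why in EXPECTED_HEADERS.items() if h not in present]
    for name, value in headers:
        # A version number in Server/X-Powered-By is exactly what version-based
        # vulnerability detection keys on, so it is reported as disclosure.
        if name in ("server", "x-powered-by") and re.search(r"\d+\.\d+", value):
            findings.append(f"{name} discloses a version: {value}")
    return findings


def check_cookies(headers: List[Tuple[str, str]], https: bool = True) -> List[str]:
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if https and "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly")
        if "samesite" not in attrs:
            findings.append(f"cookie {cookie} lacks SameSite")
    return findings


def check_client_access_policy(xml_text: str) -> List[str]:
    """Flag wildcard grants in crossdomain.xml (allow-access-from domain="*")
    or clientaccesspolicy.xml (domain uri="*")."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter("allow-access-from"):
        if el.get("domain") == "*":
            findings.append('crossdomain.xml allows any domain (domain="*")')
    for el in root.iter("domain"):
        if el.get("uri") == "*":
            findings.append('clientaccesspolicy.xml allows any domain (uri="*")')
    return findings


def passive_scan(raw_response: str, policy_xml: str) -> List[str]:
    _status, headers = parse_response(raw_response)
    return check_headers(headers) + check_cookies(headers) + check_client_access_policy(policy_xml)


if __name__ == "__main__":
    for finding in passive_scan(SAMPLE_RESPONSE, SAMPLE_CROSSDOMAIN):
        print(finding)
```

Every check here works from a single response, which is why a passive scan needs so few requests; the `https` flag on `check_cookies` exists because a missing Secure attribute only matters when the site is served over TLS.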

Warning: The Full Scan generates a high amount of noise in the network. Most correctly configured IDSs will detect this scan as attack traffic. Do not use it if you don’t have proper authorization from the target website owner.

Frequently Asked Questions

What does the Full Scan do that the Free Scan does not?
The Full version of the scanner includes all the tests from the Free Scan and adds more complex security tests. It first crawls the target application, then sends various inputs into the parameters of the pages and looks for specific web vulnerabilities such as SQL Injection, Cross-Site Scripting, Local File Inclusion, OS Command Injection and many more.
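The following Python script is an added example, not the vendor's scanner, of the active step described in this answer: it injects test values into one parameter and judges the responses. Because it has to run offline, the "target" is a constructed in-process search page backed by an in-memory SQLite database, written once with a string-built query and unescaped output and once in fixed form; the handler names, payloads and error signatures are assumptions made for illustration. Two detection heuristics are shown: error-based SQL injection (a lone quote breaks the query and a quote plus comment repairs it, so both responses are required before reporting) and reflected XSS (a unique probe must come back unencoded).

```python
import html
import re
import secrets
import sqlite3
from typing import Callable, Dict, List, Tuple

Handler = Callable[[Dict[str, str]], str]

# Constructed in-process stand-in for a target page: a handler receives the
# query parameters and returns the HTML body. Two versions of one search page
# play the vulnerable target and its fixed counterpart.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE products (id INTEGER, name TEXT)")
DB.executemany("INSERT INTO products VALUES (?, ?)", [(1, "lamp"), (2, "desk")])


def vulnerable_search(params: Dict[str, str]) -> str:
    q = params.get("q", "")
    try:  # string-built query, and the input is echoed without escaping
        rows = DB.execute(f"SELECT name FROM products WHERE name LIKE '%{q}%'").fetchall()
    except sqlite3.Error as exc:
        return f"<h1>Error</h1><pre>{exc}</pre>"  # database error reaches the client
    return f"<p>Results for {q}:</p>" + "".join(f"<li>{r[0]}</li>" for r in rows)


def fixed_search(params: Dict[str, str]) -> str:
    q = params.get("q", "")
    rows = DB.execute("SELECT name FROM products WHERE name LIKE ?", (f"%{q}%",)).fetchall()
    return f"<p>Results for {html.escape(q)}:</p>" + "".join(
        f"<li>{html.escape(r[0])}</li>" for r in rows
    )


# Error strings that identify a database error leaking into a response.
SQL_ERROR_SIGNATURES = [
    r"unrecognized token", r"near \".*\": syntax error",  # SQLite
    r"You have an error in your SQL syntax",              # MySQL
    r"unterminated quoted string",                        # PostgreSQL
    r"ORA-\d{5}",                                         # Oracle
]


def has_sql_error(body: str) -> bool:
    return any(re.search(sig, body) for sig in SQL_ERROR_SIGNATURES)


def scan_parameter(handler: Handler, base_params: Dict[str, str], name: str) -> Tuple[List[str], int]:
    """Inject into one parameter and return (findings, number of requests sent)."""
    findings: List[str] = []
    sent = 0

    def send(value: str) -> str:
        nonlocal sent
        sent += 1
        params = dict(base_params)
        params[name] = value
        return handler(params)

    # Error-based SQL injection: a lone quote should break a string-built query
    # and a quote followed by a comment should repair it. Requiring both halves
    # avoids reporting pages that simply error on any odd input.
    broken, repaired = send("'"), send("'--")
    if has_sql_error(broken) and not has_sql_error(repaired):
        findings.append(f"{name}: error-based SQL injection (quote breaks query, comment repairs it)")

    # Reflected XSS: a unique probe in angle brackets must come back verbatim;
    # an escaped reflection (&lt;...&gt;) is not reported.
    probe = f"<{secrets.token_hex(4)}>"
    if probe in send(probe):
        findings.append(f"{name}: reflected XSS (probe echoed unencoded)")

    return findings, sent


if __name__ == "__main__":
    for label, handler in (("vulnerable", vulnerable_search), ("fixed", fixed_search)):
        found, count = scan_parameter(handler, {"q": "lamp"}, "q")
        print(f"{label}: {count} requests, findings={found}")
```

Even this minimal probe costs three requests per parameter, and a real scanner sends many more payload variants per vulnerability class to every parameter the crawler finds, which is where the request counts quoted for the Full Scan come from.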

Does the scanner look for sensitive files?
Yes, the scanner attempts to detect sensitive files on the server, such as backup files, old files, admin interfaces and archive files.

Will the scan trigger my intrusion detection system, and is it safe?
While the Free Scan is passive and generates at most 20 HTTP requests to the server, the Full Scan is more aggressive and sends up to 10,000 HTTP requests. This may trigger alarms from IDS devices, but it is not a destructive scan: the scanner does not deliberately modify or delete data. Note, though, that its test inputs are submitted to every discovered parameter, so forms that create records or send mail may be exercised; where a staging copy of the application exists, scanning that is preferable.

How long does the Full Scan take?
The Full Scan performs a comprehensive website assessment, so it takes several hours to complete.