Scanner type
Full scan requires domain verification via validation file (HTTPS)

Quick scan Full Scan
OWASP Top 10 Vulnerability Scanning
Scans for the OWASP Top 10 vulnerabilities. A complete list of our scanners is available in the « Features » tab.

Automated Domain Verification
Verify scan targets for invasive scanning by placing a file on your system or by returning a specific API response to a GET request.

Speed up Scanning
Lets you adjust the number of scan requests per second.

Access to security wiki
Includes general descriptions, code snippets for fixing, and videos.

Regular Updates
We provide regular updates and new features to our scanners and the user interface.

Scan Targets
Multi Page Web Applications
An application that consists of multiple individual pages. This is typically the case if you have an HTML, JSP, etc. file per page displayed in your browser.

Deep Scan – Automated JavaScript Scanning
An application that is based on JavaScript. This is typically the case if the application is based on or uses frameworks like Angular, React, Vue, jQuery or similar.

REST API Scanning
An application programming interface (API) that is documented in a Swagger / OpenAPI version 2 file. The documentation is usually stored in a swagger.json file, which can be imported by the scanner.

Authentication
Application Login with Credentials
Log in to your application via BasicAuth or with user credentials (user/password).

Advanced Application Login
Log in to your application by defining keys and values for Cookies, HTTP Headers, or GET parameters.

Scheduling / Automation
Detailed PDF Reporting
Get our detailed PDF reporting with a high-level scan summary, detailed scan findings, general and specific descriptions of the found attack vectors, and remediation support.

Scheduled Scanning
Create a scan schedule for your project to start scans on a daily or weekly basis.

Machine-readable reports
Get our machine-readable reports in CSV, JSON, or XML format.

Scanning vulnerabilities and security issues
Server Version Fingerprinting
Web Application Version Fingerprinting
CVE Comparison
Heartbleed
ROBOT, BREACH, BEAST
Old SSL/TLS Version
SSL/TLS Cipher Order
SSL/TLS Perfect Forward Secrecy
SSL/TLS Session Resumption
SSL/TLS secure algorithm
SSL/TLS key size
SSL/TLS trust chain
SSL/TLS expiration date
SSL/TLS revocation (CRL, OCSP)
SSL/TLS OCSP stapling
Security Headers
Content-Security-Policy headers
Portscan
Boolean-based blind SQL Injection
Time-based blind SQL Injection
Error-based SQL Injection
UNION query-based SQL Injection
Stacked queries SQL Injection
Out-of-band SQL Injection
Reflected Cross-site scripting (XSS)
Stored Cross-site scripting (XSS)
Cross-Site Request Forgery (CSRF)
File Inclusion
Directory Fuzzer
File Fuzzer
Command Injection
XML External Entity Processing (XXE)