The Light version of the Website Vulnerability Scanner performs a passive web security scan in order to detect issues like: outdated server software, insecure HTTP headers, insecure cookie settings and a few others (see the complete list of tests below).
We recommend doing a Full Scan for a comprehensive website assessment which includes detection of SQL Injection, XSS, Local File Inclusion, OS Command Injection and more.
Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.
Website Penetration Testing
Speed up your penetration test with this online scanner. It is already set up and configured with the optimal settings for best results and performance. Just start the scan and come back later for the results.
You can perform a self-security assessment in order to detect weaknesses in your own application. This will allow you to fix the vulnerabilities before being hit by real attackers.
Third-Party Website Audit
If you are a web development company, you can also show this report to your clients and prove that you have implemented the proper security measures in the application.
The Website Vulnerability Scanner is a custom tool written by our team in order to quickly assess the security of a web application. It is a full-blown web application scanner, capable of performing comprehensive security assessments against any type of web application.
The free scan that you can perform on this page is a Light Scan, while the Full Scan can only be used by paying customers. Here is the complete list of tests performed by this vulnerability scanner and the difference between Light and Full scans.
List of tests performed
Fingerprint web server software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check if the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)
Discover server configuration problems such as Directory Listing
Check for SQL Injection
Check for Cross-Site Scripting
Check for Local File Inclusion and Remote File Inclusion
Check for OS Command Injection
Find administrative pages
Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words
Attempt to find interesting files/functionality
Check for information disclosure issues
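As an added example (not code from the scanner or this page), the passive checks from the list above for HTTP headers, cookie flags, server-version disclosure and a wildcard crossdomain.xml can be implemented like this; the HTTP response and policy file are constructed sample data, so the code runs offline and never contacts a server:

```python
# Added example: passive Light-Scan-style checks over constructed sample data (offline).
import re
import xml.etree.ElementTree as ET

# Constructed sample response; header names are case-insensitive in HTTP.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
# Constructed crossdomain.xml carrying the wildcard entry the test list flags.
SAMPLE_CROSSDOMAIN = '<cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>'

# Headers whose absence the check reports as a misconfiguration.
REQUIRED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")

def parse_headers(raw):
    """Return (status_line, [(lower_name, value), ...]); repeated Set-Cookie kept."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = [line.split(":", 1) for line in head[1:] if ":" in line]
    return head[0], [(n.strip().lower(), v.strip()) for n, v in pairs]

def check_response(raw):
    """Passive findings: version disclosure, weak cookie flags, missing headers."""
    _, headers = parse_headers(raw)
    present = {n for n, _ in headers}
    findings = []
    for name, value in headers:
        if name == "server" and re.search(r"/\d", value):
            findings.append(f"server version disclosed: {value}")
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            flags = {f.strip().lower() for f in value.split(";")[1:]}
            findings += [f"cookie {cookie} missing {fl}"
                         for fl in ("secure", "httponly") if fl not in flags]
            if not any(f.startswith("samesite=") for f in flags):
                findings.append(f"cookie {cookie} missing samesite")
    findings += [f"missing header: {h}" for h in REQUIRED_HEADERS if h not in present]
    return findings

def crossdomain_wildcard(xml_text):
    """True when a crossdomain.xml policy grants every origin access (domain="*")."""
    root = ET.fromstring(xml_text)
    return any(el.get("domain") == "*" for el in root.iter("allow-access-from"))
```

Running `check_response(SAMPLE_RESPONSE)` on the constructed response reports the disclosed Apache version, the three missing flags on the session cookie and the three absent security headers, while the properly flagged `lang` cookie produces no finding.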
Warning: The Full Scan generates a high amount of noise in the network. Most correctly configured IDSs will detect this scan as attack traffic. Do not use it if you don't have proper authorization from the target website owner.
This is the URL of the website that will be scanned. The tool does not follow any redirects, so the exact URL will be scanned. If you want to scan only a certain directory or path, you can add it to the URL like: http://www.mycompany.com/base_directory/. All URLs must start with http or https.
This is a fast, passive and non-intrusive scan.
This is a complete assessment which covers a much broader range of security tests.
Authentication - User/Password
The credentials for the scanner to try authentication before starting the scan
Authentication - Cookie
A valid session cookie that will be used by the scanner to do authenticated scans
How it works
The Full version of the scanner includes all the tests from the Light scan and adds more complex security tests. It first crawls the target application, then sends various inputs into the parameters of the pages and looks for specific web vulnerabilities such as: SQL Injection, Cross-Site Scripting, Local File Inclusion, OS Command Injection and many more.
Furthermore, the scanner also attempts to detect sensitive files from the server like backup files, old files, admin interfaces, archive files, etc.
While the Light Scan is passive and generates a maximum of 20 HTTP requests to the server, the Full Scan is more aggressive and sends up to 10,000 HTTP requests. This may trigger alarms from IDS devices, but it is not a destructive scan.
Since the Full Scan does a comprehensive website assessment, it can take up to several hours to complete.
The Website Vulnerability Scanner is able to scan the target web application as an authenticated user. The authentication can be configured in two ways:
User/Password Authentication: When this option is chosen, the scanner will first try to authenticate to the provided login URL and obtain a valid session cookie. This cookie will be used with all the HTTP requests done to the server, performing an authenticated scan. You have the option to check if the authentication was successful before actually starting the scan.
Cookie Authentication: With this option you can specify an already valid session cookie (or multiple cookies) that will be sent with each HTTP request to the server. You have to first obtain the session cookie by manually logging in to your target application with a web browser and transferring the cookie from the browser to the scanner (copy/paste).