Web Vulnerability Scanner

A web vulnerability scanner is a vulnerability scanner designed specifically to find security vulnerabilities in websites and web applications. Because web applications are interactive—they can contain login names and passwords, user profiles, databases of customer addresses and credit card information—they are vulnerable to security attacks. A successful hacker could steal the entire database of customer personal and financial information or deface the website. Web vulnerability scanners do not rely on the internal setup of a website. Instead, the scanner searches for vulnerabilities by simulating attacks much as a hacker would. A typical web vulnerability scan will check for the following:

a valid and sufficiently strong security certificate

proper HTTP headers

suspicious files

cross-site scripting

broken authentication

cross-site request forgery (CSRF)

components with known vulnerabilities

SQL injection

command execution

directory traversal

insecure server configuration

Because hackers are continuously finding new ways to exploit security vulnerabilities, web vulnerability scanners must be regularly updated. Running an up-to-date web vulnerability scanner regularly is a good way to strengthen security of a web application. Scanning a web application for security vulnerabilities is an important part of keeping the site safe for both the organization and its customers.

A web vulnerabilty scanner is designed to test website security