Web Security Scanner (DAST)

Active web applications (websites) are constantly exposed to malicious attacks. The best practice is to regularly use DefenseCode WebScanner for performing security audits of your websites.


Web Security Scanner

DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, BlackBox Testing) solution for comprehensive security audits of active web applications (websites). WebScanner will test a website's security by carrying out a large number of attacks using the most advanced techniques, just as a real attacker would.

DefenseCode WebScanner can be used regardless of the web application development platform. It can be used even when application source code is no longer available. WebScanner supports major web technologies such as HTML, HTML5, Web 2.0, AJAX/jQuery, JavaScript and Flash. It is designed to execute more than 5000 Common Vulnerabilities and Exposures tests for various web server and web technology vulnerabilities and will discover more than 50 vulnerability types, including OWASP Top 10.

WebScanner is fast, effective, highly accurate, easy to use and requires virtually no user input.

More information about specific vulnerabilities can be found here.

A sample WebScanner scan report can be downloaded here.

For more information, contact us at: defensecode@defensecode.com

WebScanner is a perfect companion to the ThunderScan suite for source code auditing. ThunderScan and WebScanner make a powerful combination to examine the security of even the most complex web applications.

Key Benefits

  • Modern and simple user interface
  • Comprehensive web crawler
  • Fast scanning engine
  • JavaScript support
  • Flash support
  • Report generation

Currently, WebScanner can discover over 50 different classes of web application security vulnerabilities (including OWASP Top 10). Some are listed below.


  • SQL Injection
  • File Disclosure
  • Page Inclusion
  • Code Injection
  • Shell Command Execution
  • Cross Site Scripting
  • File Manipulation
  • HTTP Response Splitting
  • LDAP Injection
  • XPATH Injection
  • Blind SQL Injection
  • Common Files
  • Dangerous File Extensions
  • File Upload
  • Buffer Overflows
  • Server Side Includes
  • Information Leak

A WebScanner preview can be seen on YouTube.