Skip to Content

Web Application Vulnerability Scanner

The Process of Web Application Vulnerability Scanning


A web application vulnerability scanner is server based software that runs security tests against web applications. Since web applications are constantly facing the Internet, they are common targets for attacks. The detailed reports from the scanner will give you mitigation techniques and fixes that you can implement in a timely manner. Given the address of a web application, the scanner will create a report of the vulnerabilities found in the application. The bigger and more complex the web app, the more likely the scanner will find vulnerabilities. While the vulnerabilities vary in degree of importance, the report will allow you to concentrate on those vulnerabilities that cause the most concern in your computing environment.

Here is a sample of some information you might find in a report:

Severity High
Type Application level test
Classification Command Execution: SQL Injection
Security Risk It is possible to view, modify or delete database entries and tables
Fix Recommendation Sanitize user input

Severity Low
Type Infrastructure
Classification Information Disclosure: Information Leakage
Security Risk Disclosing the directory structure
Fix Recommendation Issue a "404 - Not Found" response instead of "403 -Forbidden" response

Web applications are best scanned in a development environment. If a development environment is not available, then scheduling the scan to avoid service disruption is recommended. The size of the web application determines the time it takes to scan.

If you would like to request a web application vulnerability scan, please contact ISPRO at this address. Please note that requests for scans must be approved by the owning department's management.