XSS-Scanner

The XSS scanner detects classic cross-site scripting vulnerabilities in your web applications. This includes DOM-based vulnerabilities, which may allow attackers to execute JavaScript within the context of your web application.


TLS-Scanner

The TLS scanner allows you to check the TLS configuration of your server for vulnerabilities. If you use outdated versions of TLS or rely on outdated and weak cryptographic primitives, this scanner will detect it. Furthermore, the TLS scanner is able to detect problems with the certificate in use, and can inform you of weak key lengths and expired certificates, which could allow an attacker to decode communication between you and your customers. The TLS scanner can also test the TLS implementation in use for known attacks such as Insecure Renegotiation, POODLE, or Heartbleed.
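The configuration checks named above (outdated protocol versions, weak primitives, weak key lengths, expired certificates) can be sketched as follows. This is an added example, not the scanner's own code: the record schema, the `audit_tls` name and the thresholds are assumptions chosen for illustration.

```python
import ssl
from datetime import datetime, timezone

# Assumed thresholds based on common guidance; not the scanner's actual rules.
OUTDATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXP", "MD5", "anon")
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}

def audit_tls(record, now=None):
    """Return sorted findings for one endpoint record (hypothetical schema).

    Keys: 'protocols', 'ciphers' (cipher suite names), 'key_type',
    'key_bits', 'not_after' (notAfter string as in getpeercert()).
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    for proto in record["protocols"]:
        if proto in OUTDATED_PROTOCOLS:
            findings.append(f"outdated protocol enabled: {proto}")
    for cipher in record["ciphers"]:
        hit = next((m for m in WEAK_CIPHER_MARKERS if m in cipher), None)
        if hit:
            findings.append(f"weak cipher suite: {cipher} ({hit})")
    minimum = MIN_KEY_BITS.get(record["key_type"])
    if minimum is None:
        findings.append(f"unknown key type: {record['key_type']}")
    elif record["key_bits"] < minimum:
        findings.append(
            f"weak {record['key_type']} key: {record['key_bits']} bits (< {minimum})")
    # cert_time_to_seconds parses the 'Mon DD HH:MM:SS YYYY GMT' certificate format.
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(record["not_after"]), timezone.utc)
    if expires <= now:
        findings.append(f"certificate expired on {expires:%Y-%m-%d}")
    return sorted(findings)

# Constructed sample record, not output from a real scan.
SAMPLE = {
    "protocols": ["TLSv1", "TLSv1.2"],
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-RC4-SHA", "DES-CBC3-SHA"],
    "key_type": "RSA",
    "key_bits": 1024,
    "not_after": "Jan  5 09:34:43 2018 GMT",
}

if __name__ == "__main__":
    for line in audit_tls(SAMPLE, now=datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(line)
```

The protocol-level attack tests (Insecure Renegotiation, POODLE, Heartbleed) need a live handshake and are outside what this sketch covers.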


General:


Certificate:


Encoding:


Protocols:


Attacks:


HTTP-Security-Header-Scanner

The HTTP header of a web page is exchanged between the client and the server, invisibly to the user, with every request and response. In the process, the header information influences the behavior of the user's browser. For the most part, this information is handled independently of the viewed web application and is defined by the web server configuration. The HTTP security header scanner now allows you to examine the HTTP header of your web application for insecure configurations. The scanner (crawler) checks the information in the HTTP header of your web page and compiles a report on any detected vulnerabilities, which would allow attacks to be committed via a fake source-IP address (IP spoofing).


Information-Leakage-Scanner

This scanner searches your web application and creates a report on information leakage vulnerabilities. If your web application is revealing information that has no place in the public domain, it will be documented by this scanner so that you can act as quickly as possible.


Initiative-S Scanner

The Initiative-S scanner checks the domain against blacklists known to us in order to detect phishing, malware, and spam.