Retina Web Security Scanner

Comprehensive vulnerability scanning for dynamic web applications.

Comprehensive Vulnerability Scanning for Complex Web Applications

Powered by Acunetix

Retina Web Security Scanner is a comprehensive application security testing solution designed for modern web and mobile applications that are built on technologies such as AJAX, SOAP, WADL, XML, JSON, GWT, and CRUD operations.

With Retina Web Security Scanner, you can automatically crawl and scan off-the-shelf and custom-built websites and web applications for SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and over 3,000 other web application vulnerabilities.

  • Crawl web pages that include technologies such as AJAX, SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT), and CRUD operations.
  • Cover the OWASP Top 10 most critical web application security risks including SQL Injection, XSS, CSRF, and more.
  • Scan and crawl complex password protected areas automatically, including multi-step, Single Sign-On (SSO), CAPTCHAs, and multi-factor with a built-in login recorder.
  • Audit web applications against a database of more than 1,200 known WordPress core, theme, and plugin vulnerabilities.
  • Scan hundreds of thousands of web pages and applications without interruption, using Retina’s multi-threaded architecture.
Comprehensive Web Crawling

Accurately crawl most web content such as full HTML5, JavaScript and AJAX-heavy client-side Single Page Applications (SPAs).

Fast & Accurate Scanning

Testing application source code while the application is running enables you to increase vulnerability detection while significantly limiting the number of false positives and negatives.

Uncover Hidden Threats

Discover out-of-band and blind web application vulnerabilities including SQLi, XSS, XXE, SSRF, and more.

Automate Complex Logins

Automatically crawl and scan complex password protected areas including multi-step, SSO, CAPTCHAs and multi-factor. Scan hundreds of thousands of web apps without interruption.


Accurately crawl and scan HTML5 web applications and execute JavaScript.

Scan complex client-side applications that leverage AngularJS, EmberJS and Google Web Toolkit.

Reliably detect advanced DOM-based Cross-Site Scripting.

Scan for malicious URLs and test popular CMSs such as WordPress, Drupal, Joomla!, and more.

Record complex login events for easy access.


Discover out-of-band and blind vulnerabilities including SQLi, XSS, XXE, SSRF, and more.

Test application source code on the back-end during execution.

Increase vulnerability detection and significantly limit false positive and negative rates.

Pinpoint vulnerability location down to line of code.

100% coverage of back-end applications and high-severity vulnerabilities.


Cut response times with remediation examples and recommendations.

Export results (XML) for integration with a variety of third-party solutions.

Generate reports for developers, business leaders and compliance auditors.

Create virtual patches for Imperva and Fortinet WAFs.