WEB APPLICATION VULNERABILITY ASSESSMENT
Comprehensive vulnerability scanning for dynamic web applications.
Comprehensive Vulnerability Scanning for Complex Web Applications
Retina Web Security Scanner is a comprehensive application security testing solution designed for modern web and mobile applications that are built on technologies such as AJAX, SOAP, WADL, XML, JSON, GWT, and CRUD operations.
With Retina Web Security Scanner, you can automatically crawl and scan off-the-shelf and custom-built websites and web applications for SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and over 3,000 other web application vulnerabilities.
- Crawl web pages that include technologies such as AJAX, SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT), and CRUD operations.
- Cover the OWASP Top 10 most critical web application security risks including SQL Injection, XSS, CSRF, and more.
- Scan and crawl complex password protected areas automatically, including multi-step, Single Sign-On (SSO), CAPTCHAs, and multi-factor with a built-in login recorder.
- Audit web applications against a database of more than 1,200 known WordPress core, theme, and plugin vulnerabilities.
- Scan hundreds of thousands of web pages and applications without interruption, using Retina’s multi-threaded architecture.
Comprehensive Web Crawling
Fast & Accurate Scanning
Testing application source code while the application is running enables you to increase vulnerability detection while significantly limiting the number of false positives and negatives.
Uncover Hidden Threats
Discover out-of-band and blind web application vulnerabilities including SQLi, XSS, XXE, SSRF, and more.
Automate Complex Logins
Automatically crawl and scan complex password protected areas including multi-step, SSO, CAPTCHAs and multi-factor. Scan hundreds of thousands of web apps without interruption.
CRAWLING AND SCANNING
Scan complex client-side applications that leverage AngularJS, EmberJS and Google Web Toolkit.
Reliably detect advanced DOM-based Cross-site Scripting.
Scan for malicious URLs and test popular CMSs such as WordPress, Drupal, Joomla!, and more.
Record complex login events for easy access.
DETECTING AND ALERTING
Discover out-of-band and blind vulnerabilities including SQLi, XSS, XXE, SSRF, and more.
Test application source code on the back-end during execution.
Increase vulnerability detection and significantly limit false positive and negative rates.
Pinpoint vulnerability location down to line of code.
100% coverage of back-end applications and high-severity vulnerabilities.
REPORTING AND REMEDIATING
Cut response times with remediation examples and recommendations.
Export results (XML) for integration with a variety of third-party solutions.
Generate reports for developers, business leaders and compliance auditors.
Create virtual patches for Imperva and Fortinet WAFs.