Scan Web Applications for SQLI, RXSS, LFI, RFI, CRLF and 25+ more with Netsparker Cloud Scanner
Your website security is essential to your online business. Having misconfiguration or not properly hardened your web/application servers can put your web applications at risk.
Thousands of website get hacked every day and recent research by Netsparker shows the top 3 most popular vulnerabilities are XSS, SQL Injection & File Inclusion.
As a website owner or security administrator, you should explore all options to ensure your online business is secure from hacker to avoid business loss and reputation.
In this article, I will explain how you could use netsparker cloud to scan your website for security vulnerabilities so you can take action before someone else find.
Netsparker is FREE Online Scan for Open Source Projects.
Following abbreviations are used below: –
- SQLI – SQL Injection
- RXSS – Remote Cross-Site Scripting
- XSS – Cross-Site Scripting
- LFI – Local File Inclusion
- RFI – Remote File Inclusion
- CRLF – Carriage Return and Line Feed
Let’s get it started…
Once your account is ready, log in with your credential to Netsparker Cloud. You will get the beautiful dashboard to setup your web URL to start scan
- Click on Scans >> New Scan at left navigation
- Enter your website details and click no Save
- You will need to verify the ownership to avoid the abuse. You may either verify using Email, File upload, HTML tag or DNS record.
- Choose the verification method you prefer and click on verify
- On next window, you will be given an option to configure the scan
- Go through them and select the one you prefer.
- Important to select the scope whether you want to scan only entered URL or the whole domain.
- Once you are done with the configuration, click on Launch
- Next screen, you will see the scan progress.
Time to take a coffee 🙂
Meanwhile, you can check out some other FREE Online Security Vulnerability Scanner.
Once the scan is started, email with a link of will also notifies you “scan status view”. So don’t worry if you close the browser. You can always check your email and go to a status page.
- The scan may take few hours if you have selected to scan “Whole site” so keep patience. Once a scan is done, an email will notify you.
- Upon login, you will also see those details in the nice dashboard with severities, vulnerabilities for you to take action.
You can also export the report by following in XML, CSV, PDF or HTML format.
- Detailed Scan Report
- Vulnerabilities List
- Crawled URLs
- Scanned URLs
Here is how executive summary looks like.
Not good, I got to fix them shortly.
How about you? Haven’t you done the scanning yet, go ahead and explore the vulnerabilities and fix them before bad guys find and make your website unavailable.