Indusface Web Application Scanning helps detect web
application vulnerabilities, malware, and logical flaws with daily or
on-demand comprehensive scanning. Managed by certified
security experts, Indusface application scanner helps
organizations find greater business impact of logical flaws with
detailed demonstrations through proof-of-concept.

Our Value
Free Website Scanner

Best Coverage

The new age scanner is built ground up,
keeping new web technologies in mind to
provide complete & intelligent crawling; this
includes .js heavy and new age single page
Integration with Indusface WAF ensures the
uncrawled areas automatically get added
into the tests for complete coverage based
on live feeds from live traffic.

Website Penetration Testing

Deep & Intelligent Scanning

Best and continuous improvements to
automated findings with feeds from
penetration testing test cases. Pluggable
architecture to add new signatures to ensure
automated coverages are continuously
improved, accurate with no false positve to
give best coverage and security assessment.
Co-relation with protection status withWAF
and instant virtual patching with no false
positives to ensure the window of exposure to
the vulnerbility is significantly minimized

Indusface Support


Backed by 24×7 support to provide
remediation guidelines by experts in addition
to what is provided by the product. Proof of
concept support to ensure zero false


“Indusface’s hybrid approach to web application penetration testing provides rich
in-depth automated scanning technology with human intelligence which helps address the most challenging web security issues on a daily basis. This product has a unique centralized vulnerability management facility
which gives us a single view of our security posture, thereby enabling us to effectively manage vulnerabilities using a single
management dashboard.”

Axis Bank - CISO

“We use Indusface Web Application Scanning
(WAS) for vulnerability assessment that
provides us insights into our application
security risk. One of the key reasons of
our partnership with Indusface is their
ability to continuously keep innovating
around detection, using automated scanners,
up and beyond OWASP top 10. It’s imperative
to expect minimum false positives from
automated scanner, which Indusface delivers
consistently. All the best to Indusface.”


Unlimited App Scanning

Unlimited App Scanning

Daily or on-demand web application scanning to detect vulnerabilities.

Comprehensive security audit to get security posture of multiple web applications.

Business Logic Vulnerability Checks

Business Logic Vulnerability Checks

Extensive auditing for application specific business logical vulnerabilities.

Support on functional understanding of logical flaws for in-depth security audit.

OWASP Top 10 Detection

OWASP Top 10 & WASC Detection

Efficiently detect most common application vulnerabilities validated by OWASP and WASC.

On-going detection of new vulnerabilities as a result of application changes & updates.

Zero False Positives

Zero False Positives

Removal of any potential false positives that are found from scanning.

Zero Downtime Quick On-Boarding

Malware Monitoring

Ongoing monitoring of malware attack vectors and sophistication of newly discovered malware that have been effectively used and deployed by hackers.

Also detects dead or inactive malware by monitoring external JavaScript and hidden iframes placed on an application.

Managed DDoS Protection

Blacklisting Detection

Ensures blacklisting tracking on popular search engines and other platforms.

External URL blacklisting check helps you to protect your customers from visiting “hacked” or “infected” applications which can potentially transfer malware into your applications.

Flexible Deployment

Defacement Protection

Continuously checks application for changes and detects possible defacement changes.

Daily defacement checks protect the brand, credibility and reputation of an organization.

Informative Dashboard

Informative Dashboard

Comprehensive synopsis of reported vulnerabilities and malware along with support options in predefined report formats.

Customized reporting feature allows a user to create custom reports based on desired fields and format.

Proof of Concept

Unlimited proof-of-concepts to be provided.

Managed by Security Experts

Managed by Security Experts

Security experts mimic exploitations from real hackers to help identify risks in real-time.

Demonstration of business impact of vulnerabilities exploiting series of logical weaknesses within application.

Indusface Trust Seal

Exclusive Indusface seal on your website certifying daily web application scanning.

Increases trust in users, visitors, and consumers in your web security.

Plan Comparison
WAS Advanced
WAS Premium
Full Support of HTML5, AJAX and JSON
No. of Pages Scanned
No. of Application Credentials
Unlimited Application Scans
OWASP Top 10 and WASC Detection
Zero False Positives
Malware Monitoring
Blacklisting Detection
Defacement Protection
Manual verification of Vulnerabilities by experts
Upto 5
Remediation Guidance to fix vulnerabilities
Vulnerability Revalidation checks
Informative Dashboard
Indusface Trust Seal
Managed by Security Experts
PCI DSS and CERT compliant Manual Penetration Testing by expert
Technical & Customer Support (email & phone)
ISO 27001 Certified Support Centre

Frequently Asked Questions

Web Application Scanning is a zero touch, non- intrusive, cloud based solution, which helps safeguard web applications by continuous and comprehensive scanning for vulnerabilities and malware. It comprises of two variants:-

  • Web Application Scanning Advanced provides organisations with a comprehensive security posture snapshot of their web applications risk exposure on a continuous basis, with the help of automated testing combined with security expert validated proof of concept (POC) support and elimination of false positives.
  • Web Application Scanning Premium provides in-depth web application penetration testing for mission critical enterprise websites that need a broad and in depth security coverage addressed by continuous automated web application scanning combined with security expert validated business logic checks, proof of concept support and elimination of false positives.

WAS is a complete scanning tool. It offers vulnerability assessment, application audit and malware monitoring. It is a zero touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. One of the key aspects of WAS is its ability to detect malware and defacements of websites.

No changes are required on the website either. The monitoring is done remotely and we can detect both known as well as unknown malware in website. We have been researching and innovating for a couple of years in this area and are the best in class for such technology. We have dedicated our research, engineering and development teams to track latest malwares, threats and their behavior. It allows us to constantly refine and improve our technology and solutions to serve our customers better.

It is activated online over the web itself and the customer receives a notification via email with details of the activation. There is no need to download the software into your computer.

The Web Application Scanning tool is architected on globally accepted best practices such as OWASP, OSSTMM, SANS and NIST using a combination of tools and manual techniques through certified analysts. It is hosted and delivered from SAS 70 Type 2 certified secure data center.

The presence of an Indusface seal certifies that the particular website is scanned and certified on a daily basis to pass the Web Application Security Scan. The “live” Indusface ‘Tested’ Seal appears on the website with that day’s corresponding date only when the website passes the daily Web Application Scanning. This assists the website owners to gain the trust of their customers who feel safe when accessing such websites. Criteria of a ‘PASS’ scan means that the web application is free of any vulnerabilities. A criterion of a ‘FAIL’ Scan status means that vulnerabilities are present, and some of them have a severity of 4 which is HIGH or which is CRITICAL. If any kinds of vulnerabilities or malwares are found on the website, the secure site seal will be there on the website for next 72 hrs but the date will not be updated till the risk or threat is over. If the website owner does not take any action or however, if the errors are not fixed even after 72 hrs, the secure site seal will disappear though the scanning will still continue. Once the error is fixed and there are no vulnerabilities or malwares found on the website, the secure site seal will reappear on its own with the updated date and the mention of ‘ TESTED’ again beside it.

  • On confirmation of purchase, you can register your website(s) using the license key provided to you or our sales representative can register your website on behalf of you.
  • You will then receive an activation confirmation. Click on the activation link, put in any additional information.
  • On completion, your website is ready for scanning and you will get the reports of your choice e-mailed to you and the colleagues who you choose to be in the loop.

In order to deactivate one’s account the user has to send an email to your account manager or to

Yes, we provide a free trial for 1 day. Please contact a sales representative at This e-mail address is being protected from spambots. Post the trial you can contact

The scan profiles are defined after an in-depth research to ensure minimal load is generated on the customer’s application infrastructure. WAS scan profiles are light, non-intrusive and with a comprehensive coverage of vulnerabilities. Hence, the load generated on the website in minimal. DOS/DDOS attacks are excluded from the scan profile.

Once your account is activated with Web Application Scanning, your web developer or website administrator can download the secure site seal script from your online account and add it to the appropriate pages. Once done, the secure site seal will appear immediately on the desired pages, once your website has successfully cleared the Web Application Scanning and tests.

Our scan engine scans the website from various perspectives under services like Vulnerability Assessment, Application Audit and Malware Monitoring. The scan also ensures that there are no malwares or vulnerabilities in the website. If any vulnerability is found while scanning, it is notified to the user through the reports as well as in the Security Information Centre.

The user is then expected to take prompt action to get rid of the malware or vulnerability. The presence of the Indusface secure site seal on the website depends on the scan results. If there is any kind of malware or vulnerability with severity 4 (HIGH) or 5 (CRITICAL) found on the website, the date on the secure site seal will stop changing but the secure site seal will stay for the next 72 hours. If the error is still not resolved / fixed, the secure site seal will go off in 72 hours.

In order to make a website hack-proof, one would have to try to break into it in much the same way as a hacker would. In other words, the Web Application Scanning on some occasions could indeed be detected as a malicious attack on the IDS/IPS under network scan. What is of greater significance however; is that some of the scans may go undetected even by IDS/IPS as it continues to focus on attack vectors hitherto for unknown. In the end, the objective is to find vulnerabilities that could make your website susceptible to attacks.

  • The scan engines secure your website from Web Application, System and Network Vulnerabilities, and Malwares.
  • Vulnerabilities related to web application, such as XSS, Redirections, and injection attacks.
  • Vulnerabilities related to systems such as web application server, incorrect server configurations, weak system access password, system patches and access control.
  • Malware Monitoring checks for any presence of malware or malign scripts on the web site that may affect the visitors visiting the website.

it is a zero-touch solution which does not require any installation or updating of any kind of application for it to scan and hence no hardware or software installation is required to begin using Web Application Scanning.

Yes. The function of the antivirus is to protect your server against the incoming known viruses, worms and trojans. The Web Application Scanning monitors your website from the outside to detect and report any vulnerability or weakness that would allow unauthorized access to your site. Such vulnerabilities need not arise only because of a malicious code, but they could infect a site through a legitimate software or equipment that is either poorly configured or not updated regularly. Web Application Scanning complements an anti-virus solution in protecting one’s website.

Web Application Scanning provides every valid account an online web based Security Information Centre, which provides a comprehensive snapshot of reported vulnerabilities and malware, remediation suggestions as well as several alert and support options.

The key benefits of website application security scanning is that it helps organizations achieve compliance, increases customer confidence and trust, reduces overhead expenses towards managing website downtime and also legal battles or other related implications due to lax security measures.

  • Higher financial returns
  • Faster time to market
  • Improved processes
  • Reduction in costs (Capital/ recurring/ sales cost)
  • Enhanced productivity
  • Customer satisfaction & loyalty