- Listen to our monthly AppSec Stats Flash podcast
- LEARN MORE
Web application scanning, also referred to as web application vulnerability scanning or web application security scanning, crawls a website for vulnerabilities within web applications. Scanning software is called web application scanners or vulnerability scanners. After analyzing all the discoverable web pages and files, the scanner builds a software structure of the entire website. The web application scanner does not have access to the source code; instead of analyzing the code, vulnerability scanners perform simulated attacks against an application and analyze the results.
Web application scanning can be considered a key part of Dynamic Application Security Testing (DAST). It tests the application later in the development lifecycle and after release, in runtime.
Web application testing, or scanning, is a foundational part of DevSecOps.