Application Security Terminology



Web Application Scanning

Web application scanning, also referred to as web application vulnerability scanning or web application security scanning, crawls a website for vulnerabilities within web applications. The software that performs the scan is called a web application scanner or vulnerability scanner. After analyzing all the discoverable web pages and files, the scanner builds a software structure of the entire website. The scanner does not have access to the source code; instead of analyzing the code, it performs simulated attacks against the application and analyzes the results.



Web application scanning can be considered a key part of Dynamic Application Security Testing (DAST). It tests the application later in the development lifecycle and after release, at runtime.
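
The crawl-then-test flow described above, as an added example that is not part of the original glossary entry: it crawls a constructed in-memory site, records the input points it discovers, and checks, without any access to source code, whether a harmless marker comes back unencoded. `fake_app`, the `app.test` host and the marker string are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urljoin, urlparse

MARKER = "zq<7>pz"  # inert, constructed probe string; only tests output encoding

def fake_app(url):  # constructed in-memory site (hypothetical); HTML or None (404)
    u = urlparse(url)
    value = parse_qs(u.query).get("q", [""])[0]
    return {
        "/": '<a href="/search">s</a> <a href="/greet">g</a> <a href="http://other.test/">x</a>',
        "/search": f'<form action="/search"><input name="q"></form>Results: {value}',  # echoed raw
        "/greet": f'<form action="/greet"><input name="q"></form>Hi {escape(value)} <a href="/">home</a>',
    }.get(u.path)

class PageParser(HTMLParser):  # collects links and (form action, input name) pairs
    def __init__(self):
        super().__init__()
        self.links, self.inputs, self.action = [], [], ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.action = a.get("action", "")
        elif tag == "input" and a.get("name"):
            self.inputs.append((self.action, a["name"]))

def crawl(base, fetch):  # breadth-first, restricted to the base host; {url: inputs}
    site, queue, host = {}, [base], urlparse(base).netloc
    while queue:
        url = queue.pop(0)
        body = None if url in site else fetch(url)
        if body is not None:
            parser = PageParser()
            parser.feed(body)
            site[url] = parser.inputs
            links = [urljoin(url, href) for href in parser.links]
            queue += [link for link in links if urlparse(link).netloc == host]
    return site

def probe(site, fetch):  # black-box check: flag inputs that reflect MARKER unencoded
    findings = []
    for url, inputs in site.items():
        for action, param in inputs:
            target = urljoin(url, action) + "?" + urlencode({param: MARKER})
            if MARKER in (fetch(target) or ""):
                findings.append((urlparse(target).path, param))
    return findings
```

`crawl` yields the site structure and `probe` judges each input from the response alone, which is why `/search` is flagged while `/greet`, which HTML-encodes its output, is not.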

Web application testing, or scanning, is a foundational part of DevSecOps.

Read more about the importance of web application scanning in our white paper:

Application Security Testing as a Foundation for Secure DevOps

In the WhiteHat blog, read: 

Best Practices in Cyber Vulnerability Assessment