WebScan Service

WebScan Service (WebScan) is used to detect vulnerabilities such as SQL injection, reflected XSS, and CSRF at tenant sites. It helps you inspect potential vulnerabilities in advance and provides suggestions to improve website security, defend against hacker attacks, and avoid capital losses and data leaks

Join the open beta to claim a limited free trial

Intelligent Scanning

Dynamic scanning frequency adjustment prevents service website interruption caused by scanning traffic surges. Scanning rule optimization avoids writing dirty data

Wide Coverage

Supports the scanning rule library and CVE vulnerability library, vulnerability database updates, port scanning, and weak password scanning

High Efficiency

Collaboration of multiple scanning workers shortens scanning time. Fingerprint identification filters scanning cases and reduces requests

Ease of Use

Out-of-the-box service with no installation requirements achieves zero maintenance cost and automatic feature updates

Application Scenarios

  • Official Environment Scanning

  • Test Environment Scanning

  • Automatic Integration Mode

Official Environment Scanning

Official Environment Scanning

The enterprise edition can be used to scan an official website environment to avoid writing dirty data or deleting important data


  • Test Case Optimization

    Scanning test cases are optimized to prevent high-risk operations and detect security vulnerabilities

  • Intelligent Speed Adjustment

    The scanning frequency is dynamically adjusted to prevent service website interruption caused by scanning traffic surges

Test Environment Scanning

Test Environment Scanning

Addresses exceptions such as official domain name access failure or invalid page access through IP addresses in the test environment


  • High Performance

    Domain name and IP address can be bound in the test environment so that you do not have to worry about invalid page access through IP addresses

  • Proxy-enabled Access

    The professional edition allows you to access the test environment using a proxy

Automatic Integration Mode

Automatic Integration Mode

Frequently iterated user websites are scanned in automatic integration mode, reducing the scanning time compared with manual scanning


  • APIs

    After you have published an application, the system automatically invokes an API to create scanning tasks

  • Intelligence

    The system automatically invokes APIs without manual O&M and intervention

Function Description

Web Vulnerability Scan

Detects 22 types of vulnerabilities such as OWASP and WASC vulnerabilities, SQL injection, reflected XSS, and CSRF

Automatic Scanning Rule Update

Automatically updates scanning rules for new vulnerabilities in real time without manual intervention

One-Stop Vulnerability Management

Allows you to rescan tasks to identify whether vulnerabilities are repaired, and download scanning reports

User-Defined Scanning

Supports scheduled scanning, user-defined scanning rules, and user-defined login modes