Product Advantages
Full Scan Capabilities
Efficiency and Accuracy
Ease of Use
Comprehensive Report

Full Scan Capabilities

Scans the websites and hosts inside and outside Huawei Cloud, supports intranet scanning, intelligently associates assets, and identifies asset fingerprint information.

Ease of Use

VSS performs network-wide scanning with just a single click. Custom scan jobs and classified asset management facilitate risk management and simplify O&M.

Efficiency and Accuracy

With the Web 2.0 Crawler technology and an optimized internal verification mechanism, VSS improves the detection accuracy and fast scanning on critical CVE vulnerabilities.

Comprehensive Report

The vulnerability assessment report aggregates security data and clearly presents asset risks from multiple angles.

Application Scenarios
  • Website Vulnerability Scan

  • Weak Password Scan

  • Middleware Scan

  • Content Moderation

Website Vulnerability Scan

Website Vulnerability Scan

Website vulnerabilities can lead to crippling impact on business and cause financial loss if not found and addressed at the earliest possible time.


Scanning for Common Vulnerabilities

Incorporates a vulnerability rule library for scanning all types of websites and produces comprehensive scan reports.

Scanning for the Latest Critical Vulnerabilities

Security experts analyze the latest critical vulnerabilities and update rules to provide the fastest and most complete CVE vulnerability scan.

Related Services




Weak Password Scan

Host Vulnerability Scan

Hosts bearing critical services may be exposed to vulnerabilities and non-compliant configurations.


In-Depth Scanning

Performs multi-dimensional OS vulnerability detection and configuration checking.

Intranet Scanning

Enterprises can choose to enact an intranet scanning policy on servers.

Related Services




Middleware Scan

Weak Password Scan

Passwords are usually used for remote login to assets such as hosts or middleware. Attackers often use scanning technologies to hack usernames and weak passwords.


Multi-Scenario Applicability

Scans for standard web services, all OSs, and 90% of all middleware, including databases.

Built-in Weak Password Library

Simulates hacker detection of weak passwords. You can also use your own weak password library to detect passwords.

Related Services


Content Moderation

Middleware Scan

Middleware helps develop and integrate complex application software flexibly and efficiently. If a hacker discovers and exploits vulnerabilities in the middleware, the security of the upper layer and lower layer is compromised.


Diverse Scenario Applicability

Supports vulnerability scanning of mainstream web containers, foreground development frameworks, and background microservice stacks, as well as configuration compliance scanning.

Multiple Scan Methods

Chooses standard scan or custom scan to identify the middleware and its version in the server, and discover vulnerabilities and risks.

Related Services





  • Vulnerability Scan

    Enables specialized vulnerability scanning of assets, including web applications, hosts, middleware, and weak passwords.

  • Smart Monitoring

    Monitors the latest network vulnerabilities 24x7, updates scan rules at the earliest possible time, and rapidly detects vulnerabilities in your assets.

Vulnerability Scan

  • Weak passwords

    SSH, RDP, SMB, MySQL, Microsoft SQL Server, MongoDB, Redis, Oracle, DB2, GaussDB, Postgres, and Telnet

  • Front-end vulnerabilities

    SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and URL redirection
  • Information leakage

    Port exposure, directory traversal, backup files, insecure files, insecure HTTP methods, and insecure ports

  • Web injections

    Command injection, code injection, XPath injection, Server-Side Request Forgery (SSRF), and deserialization vulnerabilities
  • File inclusion

    Reading, inclusion, and upload of any file, and XML External Entity attack (XXE attack)

Smart Monitoring

  • Critical vulnerability detection

    Monitors the latest high-risk vulnerabilities and your important assets, locates the affected servers or websites once a high-risk vulnerability is discovered, and provides detailed recommendations for resolving potential security issues.

  • Intelligent scan speed control

    The scan engine adjusts the scan speed based on site load, ensuring service continuity. Harmless scanning prevents dirty data from being written into your databases.

  • Web Content Moderation

    Identifies inappropriate and illicit content to protect your brand image.

  • Baseline Compliance Check

    In compliance with Huawei and CIS benchmarks, checks for weaknesses in security configurations to expose vulnerabilities.

Web Content Moderation

  • Accurate detection

    Quickly and accurately detects non-compliant content using deep learning technologies and a large set of sample libraries.

  • Stability and reliability

    Stays up to date on any breaking news and quickly updates the detection library. VSS has been tested and used over the years across a variety of complex scenarios.

Baseline Compliance Check

  • Multiple baselines

    OS baseline, Nginx, Apache, Tomcat, Docker, and more

  • Account security check

    Checks whether the password complexity and password policy of server accounts meet profile requirements.

  • Check for compliance with benchmarks

    Checks whether baselines comply with Huawei and CIS benchmarks.

  • Database risk detection

    Checks high-risk configurations of databases such as MySQL and MongoDB.

  • Comprehensive Report

    Generates a comprehensive scan report with detected vulnerabilities classified and provides the recommended actions to improve site defenses.

  • Scan Customization

    Customizes scan parameters based on your needs.

Comprehensive Report

  • Professional scan reports

    Provides detailed information, including URLs, vulnerability names, and descriptions, that can be downloaded to a local PC. 

  • Vulnerability classification

    Classifies vulnerabilities by severity and provides recommendations on how to fix each type. 

Scan Customization

  • Customization of login methods

    Chooses the method best suited for you to log in, such as using the account and password or cookies.

  • Custom scan plugins

    Selects specific plugins so you can scan specific types of vulnerabilities and quickly identify risks.

  • Crawler setting

    Sets the crawler user agent (UA) and excludes links from being crawled, enhancing scan security.

  • Scheduled scans

    Customizes the start time of a scan, helping you avoid performance bottlenecks during peak service hours; creates periodic scan jobs based on your needs.

Quick Configuration

Add Asset


Add information about the website or host to be scanned.


Websites: Enter a domain name or IP address to add a website. All websites on the Internet can be scanned. Hosts: ECSs on HUAWEI CLOUD can be added in one-click. For a non-Huawei Cloud host, enter the IP address of the host.

Authenticate Asset


Authenticate asset ownership.


You must authenticate asset ownership before scanning. Select the most appropriate authentication method to simplify your operations.

Scan Asset


Scan websites and hosts from multiple dimensions to discover vulnerabilities. Consider how an attacker would try to hack your assets and perform complete scans, leaving no risk unaddressed.


Scan with one click using default settings or configure more settings to perform a more detailed scan. You can start a scan job immediately or set a periodic scan job.

View Result


View the scan results and download the scan report.


You can view the scan progress in real time. As soon as the scan is complete, you will be notified by SMS or email. Then, you can download the scan report with the recommended mitigations provided.

Usage Guides

Create an Account and Experience HUAWEI CLOUD for Free

Register Now