Comprehensive web application security in the cloud

ScanToSecure is an easy-to-use, cloud-based platform that performs a deep security scan of your website or web application, telling you exactly what needs fixing and how to fix it. Simply point it at your website and it will automatically discover flaws that could leave you dangerously exposed.


Verify ownership to scan

Before you run a scan to expose precise details of security vulnerabilities, you must verify that you own the site.

Upload an HTML file to your site

  1. Download your verification file.
  2. Upload the file to the root folder of your web server.
  3. Verify that it is correctly set up.

The verification file is simply an HTML page containing a unique identifying code that is recognized by ScanToSecure. It will not affect the other pages in your website.

Add a meta tag to your site's homepage

Paste the following text between the <head> tags of your homepage:

Example:

<html>
	<head>
		<meta name="scantosecure-site-verification" content="{0}">
		<title>My Title</title>
	</head>
	<body>
		page contents
	</body>
</html>

Add a TXT entry to your domain's DNS records

Copy the text below and insert it as a new TXT entry in your DNS:


The DNS entry is simply a unique identifying code that is recognized by ScanToSecure. It does not affect any of your existing DNS records or impact the way visitors access your website. This TXT record should be applied to your domain root, which is usually the default option.

Send a verification link to a contact listed in your domain's WHOIS entry

  1. Click the button below to send an authorization email to
  2. Click the link in the email to start the scan.

Unfortunately we couldn’t find the email address automatically but we can do it manually if you want. We usually do this quite quickly but it can take a couple of days. Launch the scan to begin the process and look out for an email sent to your technical WHOIS contact.

By clicking the button above you agree to our Terms of Service.


A proven track record

ScanToSecure is a cloud-based implementation of our desktop software, Netsparker, one of the leading web application security tools since 2010, trusted by more than 100,000 users in business and government, as well as by some of the web's most demanding security professionals.

Comprehensive coverage

ScanToSecure finds and reports security issues such as SQL Injection and Cross-site Scripting (XSS) in web applications regardless of the platform and the technology they are built on. We offer full support for AJAX and JavaScript-based applications, and scanning behind authentication/login.

False-positive free

ScanToSecure is false-positive free, which means that you won’t need a PhD in security testing to verify any vulnerabilities found. Our built-in exploitation engine positively confirms vulnerabilities, leaving you free to spend your time eliminating threats, not proving them.

On demand, no software to install

ScanToSecure runs in the cloud so there’s no software to install or maintain and you can get up and running right away, whether you need to scan one site or a thousand.