Help the communities most affected by the California wildfires in only a few minutes. We'll donate $10 for every review you submit.

Best Vulnerability Scanner Software

Vulnerability scanners are tools that constantly monitor applications and networks to identify security vulnerabilities. They work by maintaining an up-to-date database of known vulnerabilities, and conduct scans to identify potential exploits. Vulnerability scanners are used by companies to test applications and networks against known vulnerabilities and to identify new vulnerabilities. The scanners typically produce analytical reports detailing the state of an application or network security and provide recommendations to remedy known issues. Some vulnerability scanners work in a similar manner to dynamic application security testing (DAST) tools, but scan tools instead of mimicking attacks or performing penetration tests.

To qualify for inclusion in the Vulnerability Scanner category, a product must:

  • Maintain a database of known vulnerabilities
  • Continuously scan applications for vulnerabilities
  • Produce reports analyzing known vulnerabilities and new exploits
G2 Crowd Grid® for Vulnerability Scanner
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
Filters
Star Rating

Vulnerability Scanner reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Vulnerability Scanner Software
Results: 45
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.
    Sort By:

    Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


    Finds and destroys spyware, malware, adware and other malicious software


    Qualys' integrated approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively. Our solutions empower various roles within the organization to meet your unique requirements. Built on top of Qualys’ Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud: • AssetView • Vulnerability Management • Continuous Monitoring • ThreatPROTECT • Policy Compliance • Security Assessment Questionnaire • PCI Compliance • Web Application Scanning • Web Application Firewall • Malware Detection


    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features for enterprises to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies it is available on Windows, Linux and Online


    WebSphere Application Server is a software product that performs the role of a web application server. It is a software framework and middleware that hosts Java based web applications.


    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Burp Suite is a toolkit for web application security testing.


    Insignary Clarity enables proactive scanning of embedded firmware or any binaries for known, preventable security vulnerabilities, and also identifies potential license compliance issues. Clarity uses unique fingerprinting technology, which works on the binary without the source code or reverse engineering, making it simple for companies to take proper, preventive action before the deployment of their products.


    Automatically scan your App Engine apps for common vulnerabilities


    Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com. com.


    Gemnasium keeps track of projects dependencies and sends notifications of security vulnerabilities or when new versions are available.


    OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.


    OUTSCAN™ is an automated vulnerability management solution that scans and secures external networks, allowing companies to protect sensitive data. It analyzes perimeters, detects vulnerabilities, notifies organizations and gives remediation solutions to prevent cybercriminals from penetrating their networks. OUTSCAN™ can fit any size organizations. It is easily deployable as a SaaS solution, but Outpost24 security experts can implement it if needed. Finally, the customer support is available 24/7 to answer every questions and help organizations managing their vulnerabilities and securing their external networks. Know more > https://outpost24.com/external-network-security


    ParosPro is a security scanner software.


    BeyondTrust Retina CS is the only vulnerability management solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-driven architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud, virtual, and IoT infrastructure. - Discover network, web, mobile, cloud, virtual, and IoT infrastructure - Profile asset configuration and risk potential - Pinpoint vulnerabilities, malware and attacks - Analyze threat potential, return on remediation and more - Isolate high-risk assets through advanced threat analytics - Remediate vulnerabilities through integrated patch management - Report on vulnerabilities, compliance, benchmarks, etc - Protect endpoints against client-side attacks Learn more: https://www.beyondtrust.com/products/retina-cs/


    Tenable.io is the only cybersecurity company that empowers customers to gain control of their risk by knowing and prioritizing vulnerabilities across their entire attack surface including traditional, cloud, mobile and DevOps environments.


    Black Duck OpsSight helps you prevent known open source vulnerabilities from being deployed into production environments.


    Order, configure and deploy your Canaries throughout your network. Then you wait. Your Canaries run in the background, waiting for intruders.


    CA Veracode Greenlight brings security scanning right into your IDE as you are coding, returning most scans in seconds. Think of it as your own personal security coach, highlighting the parts of your code that are vulnerable, and providing helpful tips on how to fix it. Becoming a better developer starts with ensuring that you are committing code with the fewest security flaws possible.


    CA Veracode Web Application Scanning (WAS) offers a unified solution to find, secure, and monitor all of your web applications – not just the ones you know about. First, CA Veracode discovers and inventories all of your external web applications, then performs a lightweight scan on thousands of sites in parallel to find critical vulnerabilities and helps you prioritize your biggest risks. As a second step, you can run authenticated scans on critical applications to systematically reduce risk while continuously monitoring your security posture as part of the SDLC. CA Veracode offers multiple scanning technologies on a single platform, so you get unified results, analytics, and increased accuracy


    HackerProof is a trustmark that is displayed on a website to build trust and confidence.


    Digital Defense is a cloud-based network & information security that helps organizations establish a culture of security through regular information security assessments, awareness education and decisive security intelligence to reduce risk and keep information, intellectual property and reputations secure.


    edgescan delivers a unique service combining fullstack vulnerability management, asset profiling, alerting and risk metrics.


    GamaScan, is a remote online web vulnerability-assessment service delivered via SaaS (software-as-a-service) and is designed to identify security weaknesses in web applications.


    Helios RXPF is a unique, fully scalable, hardware accelerated pattern matching solution for Security Analytics Acceleration (SAA) and content processing. The solution can be tuned for the desired combination of throughput, rule depth and complexity.


    HIAB(hacker-in-a-box) is our automated, internal vulnerability management system that includes a network vulnerability scanner and web application scanner, built on our proprietary technology.


    ImmuniWeb® AI Platform for Application Security leverages Machine Learning and AI for intelligent automation and acceleration of Application Security Testing (AST). Complemented by scalable and cost-effective manual testing, it detects the most sophisticated vulnerabilities and comes with a zero false-positives SLA. ImmuniWeb® Discovery is a part of the ImmuniWeb AI Platform for Application Security. Leveraging big data and a non-intrusive OSINT reconnaissance technology, it quickly builds a comprehensive list of your external web and mobile apps for actionable inventory, continuous monitoring, risk and compliance management.


    Continuously identify and assess risk across your cloud, virtual, remote, local, and containerized infrastructure. Leverage unparalleled attacker analytics to prioritize vulns more precisely with a Real Risk score that goes beyond just CVSS. Break down the silos between IT, security, and development to streamline and automate remediation efforts.


    A Proactive Vulnerability Scanner, For Your External Infrastructure: Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your most exposed systems, to avoid costly data breaches.


    Kenna is a software-as-a-service Risk and Vulnerability Intelligence platform that measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses, it automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.


    Insights allows you to secure and manage any vulnerabilities, compliance and operational risk that may arise from using open source components.


    Our SaaS Vulnerability Scanner accumulates the power of software discovery that runs against your Internet facing hosts and vulnerability intelligence. We use passive fingerprinting techniques to detect software and its version, running on a particular port, as well as supported functionality. This approach allows us to reliably detect and report critical vulnerabilities, misconfigured services or dangerous applications facing the Internet within your infrastructure. Furthermore, your systems will not suffer service disruptions during vulnerability scans as our passive fingerprinting techniques do not require usage of dangerous exploits. During the scan we will not trigger memory corruption, excessive resources consumption or assertion failures and still will be able to detect if your service is vulnerable to such threats.


    N-Stalker Web Application Security Scanner X is a web security assessment solution for web applications.


    Probe.ly finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind. Despite its sleek and intuitive web interface, Probe.ly follows an API-First development approach, providing all features through an API.


    Reveelium is a threat detection software that monitors user behavior and identifies anomalies that can lead to security breaches.


    Proactive VMware analytics product that helps you discover potential issues before they cause major outages or security incidents.


    SOCVue Vulnerability Management is a service that helps reduce attack surface by proactively identifying vulnerabilities across IT environment, prioritizing them based on business impact and risk, and providing remediation guidance to save significant time and reducing operational costs.


    Provides automated security testing and security scan of web applications to identify vulnerabilities, scans your network and devices and suggest to you recommendations on how they can be fixed, and provides a source code analysis to identify and resolve security weaknesses and vulnerabilities


    Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.


    Veracode is the world's best automated, on-demand application security testing and code review solution.


    Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.


    A lightweight plugin agent that protects against the known attack vectors found in 2013 and 2017 OWASP Top Ten, SANS Top 25, Other common exploits


    WhiteHat Sentinel Dynamic is a software-as-a-service platform for dynamic application security testing (DAST).


    Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.