Best Vulnerability Scanner Software

Vulnerability scanners are tools that constantly monitor applications and networks to identify security vulnerabilities. They work by maintaining an up-to-date database of known vulnerabilities and conducting scans to identify potential exploits. Vulnerability scanners are used by companies to test applications and networks against known vulnerabilities and to identify new vulnerabilities. The scanners typically produce analytical reports detailing the state of an application or network security and provide recommendations to remedy known issues. Some vulnerability scanners work in a similar manner to dynamic application security testing (DAST) tools, but scan tools instead of mimicking attacks or performing penetration tests.

To qualify for inclusion in the Vulnerability Scanner category, a product must:

  • Maintain a database of known vulnerabilities
  • Continuously scan applications for vulnerabilities
  • Produce reports analyzing known vulnerabilities and new exploits

Vulnerability Scanner reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Vulnerability Scanner Software
Results: 54
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.

    Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.

    Qualys' integrated approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively. Our solutions empower various roles within the organization to meet your unique requirements. Built on top of Qualys’ Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud:

      • AssetView
      • Vulnerability Management
      • Continuous Monitoring
      • ThreatPROTECT
      • Policy Compliance
      • Security Assessment Questionnaire
      • PCI Compliance
      • Web Application Scanning
      • Web Application Firewall
      • Malware Detection

    Nexpose, Rapid7’s on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact. If you’re looking for more advanced capabilities such as Remediation Workflow and Rapid7's universal Insight Agent, check out our platform-based vulnerability management software, InsightVM.

    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.

    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS, and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features for enterprises to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, it is available on Windows, Linux and Online.

    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

    Five Essential Security Capabilities in a Single SaaS Platform

    AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

      1. Asset Discovery
      2. Vulnerability Assessment
      3. Intrusion Detection
      4. Behavioral Monitoring
      5. SIEM

    Burp Suite is a toolkit for web application security testing.

    Insignary Clarity enables proactive scanning of embedded firmware or any binaries for known, preventable security vulnerabilities, and also identifies potential license compliance issues. Clarity uses unique fingerprinting technology, which works on the binary without the source code or reverse engineering, making it simple for companies to take proper, preventive action before the deployment of their products.

    Tenable.io is the only cybersecurity company that empowers customers to gain control of their risk by knowing and prioritizing vulnerabilities across their entire attack surface including traditional, cloud, mobile and DevOps environments.

    Veracode is the world's best automated, on-demand application security testing and code review solution.

    Automatically scan your App Engine apps for common vulnerabilities

    InsightVM, Rapid7’s vulnerability assessment solution, utilizes the power of the Insight platform and the heritage of our award-winning Nexpose product to provide full visibility of your modern ecosystem, prioritize risk using attacker analytics, contain threats, and remediate with SecOps agility. Leveraging InsightVM’s advanced analytics and endpoint technology enables you to discover vulnerabilities in real time and prioritize them actionably. Then, automate remediation by integrating into your IT team’s existing workflows and tools—a process made easy by InsightVM’s 40+ technology integrations.

    Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

    HackerProof is a trustmark that is displayed on a website to build trust and confidence.

    Gemnasium keeps track of project dependencies and sends notifications of security vulnerabilities or when new versions are available.

    OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

    OUTSCAN™ is an automated vulnerability management solution that scans and secures external networks, allowing companies to protect sensitive data. It analyzes perimeters, detects vulnerabilities, notifies organizations and gives remediation solutions to prevent cybercriminals from penetrating their networks. OUTSCAN™ can fit organizations of any size. It is easily deployable as a SaaS solution, but Outpost24 security experts can implement it if needed. Finally, customer support is available 24/7 to answer every question and help organizations manage their vulnerabilities and secure their external networks. Know more: https://outpost24.com/external-network-security

    ParosPro is a security scanner software.

    Probe.ly finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built with developers in mind. Despite its sleek and intuitive web interface, Probe.ly follows an API-First development approach, providing all features through an API. Probe.ly also offers its customers a free vulnerability scanner that scans for security issues related to SSL/TLS, Cookie Flags and Security Headers.

    BeyondTrust Retina CS is the only vulnerability management solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-driven architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud, virtual, and IoT infrastructure.

      • Discover network, web, mobile, cloud, virtual, and IoT infrastructure
      • Profile asset configuration and risk potential
      • Pinpoint vulnerabilities, malware and attacks
      • Analyze threat potential, return on remediation and more
      • Isolate high-risk assets through advanced threat analytics
      • Remediate vulnerabilities through integrated patch management
      • Report on vulnerabilities, compliance, benchmarks, etc.
      • Protect endpoints against client-side attacks

    Learn more: https://www.beyondtrust.com/products/retina-cs/

    Provides automated security testing and security scanning of web applications to identify vulnerabilities, scans your network and devices and suggests recommendations on how they can be fixed, and provides source code analysis to identify and resolve security weaknesses and vulnerabilities.

    Black Duck OpsSight helps you prevent known open source vulnerabilities from being deployed into production environments.

    Order, configure and deploy your Canaries throughout your network. Then you wait. Your Canaries run in the background, waiting for intruders.

    CA Veracode Greenlight brings security scanning right into your IDE as you are coding, returning most scans in seconds. Think of it as your own personal security coach, highlighting the parts of your code that are vulnerable, and providing helpful tips on how to fix it. Becoming a better developer starts with ensuring that you are committing code with the fewest security flaws possible.

    CA Veracode Web Application Scanning (WAS) offers a unified solution to find, secure, and monitor all of your web applications – not just the ones you know about. First, CA Veracode discovers and inventories all of your external web applications, then performs a lightweight scan on thousands of sites in parallel to find critical vulnerabilities and helps you prioritize your biggest risks. As a second step, you can run authenticated scans on critical applications to systematically reduce risk while continuously monitoring your security posture as part of the SDLC. CA Veracode offers multiple scanning technologies on a single platform, so you get unified results, analytics, and increased accuracy.

    Open-source container vulnerability analysis service.

    CyberScanner is a cloud-based, advanced website vulnerability scanner designed to empower business owners and non-technical professionals.

    Digital Defense is a cloud-based network & information security that helps organizations establish a culture of security through regular information security assessments, awareness education and decisive security intelligence to reduce risk and keep information, intellectual property and reputations secure.

    edgescan delivers a unique service combining fullstack vulnerability management, asset profiling, alerting and risk metrics.

    GamaScan is a remote online web vulnerability-assessment service delivered via SaaS (software-as-a-service) and is designed to identify security weaknesses in web applications.

    Helios RXPF is a unique, fully scalable, hardware accelerated pattern matching solution for Security Analytics Acceleration (SAA) and content processing. The solution can be tuned for the desired combination of throughput, rule depth and complexity.

    HIAB (hacker-in-a-box) is our automated, internal vulnerability management system that includes a network vulnerability scanner and web application scanner, built on our proprietary technology.

    ImmuniWeb® AI Platform for Application Security leverages Machine Learning and AI for intelligent automation and acceleration of Application Security Testing (AST). Complemented by scalable and cost-effective manual testing, it detects the most sophisticated vulnerabilities and comes with a zero false-positives SLA. ImmuniWeb® Discovery is a part of the ImmuniWeb AI Platform for Application Security. Leveraging big data and a non-intrusive OSINT reconnaissance technology, it quickly builds a comprehensive list of your external web and mobile apps for actionable inventory, continuous monitoring, risk and compliance management.

    A Proactive Vulnerability Scanner, For Your External Infrastructure: Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your most exposed systems, to avoid costly data breaches.

    Kenna is a software-as-a-service Risk and Vulnerability Intelligence platform that measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses. It automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.

    Insights allows you to secure and manage any vulnerabilities, compliance and operational risk that may arise from using open source components.

    Scanners find millions of vulnerabilities in our customers' environments, overwhelming remediation efforts. NetSPI Resolve scales to these massive data needs to help lessen the vulnerability flood.

    Our SaaS Vulnerability Scanner accumulates the power of software discovery that runs against your Internet facing hosts and vulnerability intelligence. We use passive fingerprinting techniques to detect software and its version, running on a particular port, as well as supported functionality. This approach allows us to reliably detect and report critical vulnerabilities, misconfigured services or dangerous applications facing the Internet within your infrastructure. Furthermore, your systems will not suffer service disruptions during vulnerability scans as our passive fingerprinting techniques do not require usage of dangerous exploits. During the scan we will not trigger memory corruption, excessive resource consumption or assertion failures and will still be able to detect if your service is vulnerable to such threats.

    NNT’s Vulnerability Tracker™ is an enterprise-class vulnerability scanning solution that enables organizations to cost-effectively improve their IT posture by focusing your remediation guidance on the assets that pose the highest risk to your network. This solution is designed to be a distributed, fast and accurate vulnerability assessment tool that also identifies breaches of your corporate security policies and statutory regulations. Vulnerability Tracker™ identifies known vulnerabilities within software and configuration settings before they can be exploited by a cyber-attack. Vulnerability Tracker™ continuously tests and assesses your IT network and any device connected to it against 66,000 Network Vulnerability Tests (NVTs). New vulnerabilities are added daily through various content providers and industry trusted resources which include over 11,400 Common Vulnerabilities and Exposures (CVEs), Bugtraq alerts, aggregate compliance rulesets, controls for scan agents and embedded Nmap NSE test routines. NNT Vulnerability Tracker™ helps your organization maximize scanning efficiency with hyper fast scanning technology and fewer false positives. Vulnerability Tracker™ delivers class-leading accuracy, guaranteeing the lowest false positive per scan ratio in the vulnerability scanning market. Our hyper-fast scanning technology means your organization can assess over 50,000 endpoints per 24 hours.

    N-Stalker Web Application Security Scanner X is a web security assessment solution for web applications.

    Reveelium is a threat detection software that monitors user behavior and identifies anomalies that can lead to security breaches.

    Proactive VMware analytics product that helps you discover potential issues before they cause major outages or security incidents.

    As a vulnerability assessment solution, SAINT's security research and development efforts focus on investigation, triage, prioritization and coverage of vulnerabilities of the highest severity and importance to our customers.

    Detect security flaws in your website or web application and avoid being hacked. HTTPCS Security puts Machine Learning at the service of your cyber security to protect your site against hacking and data leaks.

    SecurityMetrics Perimeter Scan's regularly updated scan engine identifies external network vulnerabilities so you can keep your data safe. Vulnerability scanning identifies top risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.

    Snyk is a security solution designed to find and fix vulnerabilities in Node.js and Ruby apps.

    SOCVue Vulnerability Management is a service that helps reduce attack surface by proactively identifying vulnerabilities across the IT environment, prioritizing them based on business impact and risk, and providing remediation guidance to save significant time and reduce operational costs.

    Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

    The Network Vulnerability Scanning Service uses a self-developed vulnerability scanner to perform comprehensive security vulnerability scanning on specified target systems. The service relies on a powerful vulnerability database and 100,000+ vulnerability detection scripts to drill down into various security vulnerabilities. All kinds of scanning items are strictly tested by security experts, and newly exposed security vulnerabilities on the network are followed up in a timely manner to ensure the accuracy and timeliness of scanning.