Does the website scanner check for OWASP Top 10 vulnerabilities?

The Cyber Safety website scanner is able to scan for the 2017 OWASP Top 10, searching for a wide range of vulnerabilities that belong to the different OWASP Top 10 categories.


All scan levels, except for the Lighting level, check for the Top 10 vulnerabilities, with the exception of A10 Insufficient Logging & Monitoring.


You can choose an OWASP Top 10 Compliance Report after the scan, which includes a table indicating which areas of the Top 10 were Tested and which ones Passed (or failed). 


Testing for A10 would require the scanner to have access to your system logs to check whether requests to your server are being logged (and with adequate content). It would also require access to any monitoring tool you have, to check whether alarms are raised when an attack is performed.
A scanner cannot check for these unless it has administrative/root access to your systems.

Note: if you find a scanner that claims to verify A10, you should request details on the process before you sign up for that scan.
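
Because the A10 log check needs access to the logs, it is something a site owner can run on their own server. The following is an added example, not part of the Cyber Safety scanner or the original page: it reads access-log lines in Combined Log Format and reports whether a set of harmless marker requests was logged with the needed fields. The marker paths, the sample log lines and the list of fields treated as "adequate content" are assumptions.

```python
import re

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
# The last two quoted fields are optional (plain Common Log Format omits them).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Assumption: the fields a log entry needs to count as having adequate content.
REQUIRED = ("ip", "time", "method", "path", "status", "agent")

def audit_log(lines, probe_paths):
    """Map each marker path to 'logged', 'incomplete: <fields>' or 'missing'."""
    results = {p: "missing" for p in probe_paths}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("path") not in results:
            continue
        # A field is absent if the format lacks it or the server wrote "-".
        absent = [f for f in REQUIRED if m.group(f) in (None, "", "-")]
        results[m.group("path")] = (
            "logged" if not absent else "incomplete: " + ",".join(absent)
        )
    return results

# Constructed sample log lines (documentation IP ranges, made-up marker paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:13:55:36 +0000] '
    '"GET /logcheck-a1 HTTP/1.1" 404 153 "-" "logcheck/1.0"',
    # Common Log Format line: no referer or user-agent recorded.
    '203.0.113.7 - - [10/Mar/2024:13:55:37 +0000] '
    '"POST /logcheck-b2 HTTP/1.1" 404 153',
    '198.51.100.4 - - [10/Mar/2024:13:55:40 +0000] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
# Marker requests the owner sent beforehand; the third never reached the log.
PROBES = ["/logcheck-a1", "/logcheck-b2", "/logcheck-c3"]

if __name__ == "__main__":
    for path, verdict in audit_log(SAMPLE_LOG, PROBES).items():
        print(f"{path}: {verdict}")
```

This covers only the logging half of A10; whether a monitoring tool raises an alarm still has to be checked in that tool.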
