Security Scans

System & Web Application Scan

Getting your security analysis started quickly

Systems that can be accessed via the internet are particularly vulnerable. Hackers attack both the services and the web applications running on IT systems. We therefore offer two versions of our security scans: the System Security Scan for IT systems and the Web Application Security Scan for web applications. This way you gain a comprehensive understanding of your security level.

 

What scan types do we offer?

 

System security scan

Our System Security Scans check your internal and external IT systems (such as web servers, mail servers, file servers) for several thousand vulnerabilities, always in line with the latest research. We use standardised, internationally recognised scanning procedures and base our review of your scan results on renowned security standards. Scans can be performed externally over the internet (External System Security Scans) or as optional internal scans via a VPN tunnel (Internal System Security Scans).

 

Web application security scan

With our Web Application Security Scans, you check your external (internet-accessible) and internal web applications for weak points and security vulnerabilities. If you would also like to check the web application “behind the login”, and therefore the area with particularly sensitive data, you need an authenticated scan. For this, you can use our web application security scan, performed from the user perspective using access data that you provide. The web application security scan identifies frequently occurring security gaps, including:

  • Cross-Site Scripting (XSS)
  • SQL, Command and XPath Injections
  • Directory and Path Traversal
  • Security Misconfigurations

 

Security Scan Facts


What are the phases of a security scan on web applications?

The Security Scan on web applications consists of two phases:

  1. In the discovery phase, we identify all accessible websites that are to be scanned in the second phase. In doing so, we perform required authentications, follow the default application paths or leave out those areas of the application that are not designated to be scanned.
  2. In the second phase, we perform the actual tests. The scanner interacts with the application while sending data to it. This may initiate desired and undesired reactions of the application.

Which vulnerabilities in web applications are checked for?

The scan looks for common vulnerabilities, for example:

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL, Command and XPath Injections
  • Directory and Path Traversal
  • Security Misconfigurations

Does it make sense to combine both types of scans?

Hackers attack both the services that are accessible on an IT system and web applications running on such a system. The combination of both scan types provides you with a complete security overview. Please contact us in this matter.

How often should scans be performed?

In principle, we recommend that IT systems and web applications be scanned on a regular basis in order to be prepared if new attack scenarios occur: at least quarterly (package of 4 scans) or monthly (package of 12 scans). We use a scan system that checks for thousands of known vulnerabilities, and we continuously update the list of vulnerabilities.

Do you provide consulting support?

You will not be left alone with the scan result. Our experts will be happy to support you if any questions or problems arise.

Contact

 

Please contact us with any questions or queries.

 

Phone: +49 6102 8631-190
Email: sales@usd.de

 

Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE