Check your website for OWASP Top 10 vulnerabilities

The OWASP Top 10 is the industry standard for application security and is referred to by web application developers, security auditors, security leads and more.

Detectify's website security scanner performs fully automated testing to identify security issues on your website. It tests your website for over 2000 security issues, including XSS, Injection and other OWASP Top 10 vulnerabilities. We update the scanner with new security tests every week, using the knowledge of 200+ top-ranked ethical hackers.

The current OWASP Top 10 Web Application Security Risks:

  • Injection (e.g. SQL Injection)
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Good enough security stops here. Detectify web security scanner goes beyond the OWASP Top 10 to check for vulnerabilities such as misconfigurations in your email records, CORS and DNS.

Go hack yourself

Try it out for free

Full functionality. No credit card needed. Get up and running in a matter of minutes!

OWASP Top 10 test

Detectify provides an easy way for you to see which OWASP Top 10 categories you pass or fail.

Built by white-hat hackers

We work with the best white-hat hackers in the world to make sure that we have the most up-to-date vulnerability scanner.

Fully automated

Press “Scan” and let us test your website for more than 2000 vulnerabilities.

Simple and intuitive

Detectify’s UI is easy to use, making it a great fit for everyone.

The latest security research

We combine crowdsourced security with automation to bring you the latest security tests.

Over 2000 security tests

We check for everything from OWASP Top 10 to brand new vulnerabilities across different technologies.

Customized scans

Test how your code stacks up against different devices and user agents.

Team functionality

Invite your team members to your Detectify account - you control user permissions.

Report exports

Export Detectify findings in a range of different formats for easy sharing.


To make security part of your development process, Detectify integrates with tools like JIRA, Slack and Zapier.

Easy to use scanning

  1. Add and verify ownership of the domain you want to test.

  2. Start a scan.

  3. Your website is tested for 1000+ vulnerabilities.

  4. New vulnerabilities are added to the scanner every week by our ethical hacker network.

  5. You will receive descriptive reports with your security issues.

Get started in a matter of minutes and scan your site as often as you like for 14 days. No credit card required, no strings attached.
