Heartbleed Vulnerability Tester

Check every web server misconfiguration and avoid heartbleed vulnerabilities in any SSL/TLS certificate.

  • Detect automatically OpenSSL attack vectors in your web application with ease
  • Get extensive reports with mitigation solutions for each vulnerability and integrate with more than 20 systems and tools
  • Fast security assessment with low false positives


Heartbleed vulnerability testing benefits

  • Download PDF, JSON/XML, and CSV reports and share them effortlessly with colleagues, executives, and clients.
  • Reduce your vulnerability to hacking and protect your users from the OWASP Top 10 vulnerabilities.
  • Scan and evaluate the security of third-party components in your online application.
  • Analyze APIs and Microservices security with an automated tool.
  • Integrate our vulnerability scanner into your development process and workflow with ease.


SSL Misconfiguration Reports

The Heartbleed report demonstrates how our automated tool tests, finds, classifies, and recommends fixes for vulnerabilities while saving hours of human security checks and pentest money.

Extensive Vulnerability Findings

The report begins with a vulnerability overview of the scan target, the severity of the disclosed vulnerabilities, and a checklist of exploited attack vectors and scanner status.

Remediation Advice

Each discovered vulnerability has a risk categorization, an explanation, and recommendations for resolving the problem.

Checklist of Findings

Track which exposures have previously been corrected or reported.


Heartbleed Scanner

How to prevent Hearbleed?

First of all, you need to update OpenSSL to the latest version. The following versions fixed the Heartbleed vulnerability:

OpenSSL 1.0.1g
OpenSSL 1.0.0 (not affected)
OpenSSL 0.9.8 (not affected)
E.g., run:

apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHeL / CentOS
pacman -Syu # Arch Linux

This step is key because if you’re running vulnerable versions of OpenSSL, the risk of attacks remains.

How did the Heartbleed attack start?

In late 2011, the 31-year-old German engineer Robin Seggelmann contributed the defective Heartbeat functionality to an experimental version of OpenSSL, which lacked a validation method for a variable containing a length. Then its features were sent to OpenSSL for evaluation. However, the developer there missed the flaws as well.

When do the vulnerable versions of OpenSSL start?

Before the problem was found and published, vulnerable versions of OpenSSL had been circulating for more than two years – since March 2012. As a result, computers running previous versions of OpenSSL (before 1.0.1) were unaffected.