Someone at Debian increase security for all Debian servers by breaking debsecan a while ago for everything before Jessie by moving the vulnerability definitions from http://secure-testing.debian.net/debian-secure-testing/project/debsecan/release/1/ to https://security-tracker.debian.org/tracker/debsecan/release/1 Of course there was no way to issue a security fix for Wheezy debsecan...

Workaround 1: Hotfix

So if you still want to scan your Wheezy systems you can hotfix debsecan before running it like this: 
sed -i "s/http:\/\/secure-testing.debian.net\/debian-secure-testing/https:\/\/security-tracker.debian.org\/tracker/;s/project\/debsecan\/release\/1\//debsecan\/release\/1\//" /usr/bin/debsecan

Workaround 2: Pass Config

You can also pass an in-place config file: 
debsecan --config <(echo SOURCE="https://security-tracker.debian.org/tracker/debsecan/release/1/")