“Netsparker continually executes scans in a more optimized way and delivers actionable results every time. The false-positive free scanning means that Netsparker has already attempted to validate the finding for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positives.” Jim Broome, President, DirectDefense.
Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Their core strength is the deep experience in performing security assessments for a wide array of networks, platforms, applications and web applications. DirectDefense’s seasoned consultants are focused on providing world-class security services to their clients. Regardless of industry – aerospace, financial, insurance, retail, hospitality, healthcare, education, gaming, technology or energy and utilities, the wealth of knowledge and experience DirectDefense has assists their customers in achieving their security testing and strategy goals.
As part of their service offerings, DirectDefense provides web application penetration tests. At a minimum they analyse around 300 web applications a month, hence speed and accuracy are key factors when it comes to web application security. If the tools they use are slow, they cannot keep up with the demand, and if the tools report false positives, consultants will waste precious time verifying the scanner findings.
DirectDefense have been using automated web application security scanners since the early days. They have used all of them, but since 2011 they have been using Netsparker as their main scanner, and prefer to use it unless they are required to use another solution based on their customer’s requirements.
When asked why they use Netsparker Web Application Security Scanner: “In a simple word, SPEED. Netsparker continually executes scans in a more optimized way and delivers actionable results every time. The false-positive free scanning means that Netsparker has already attempted to validate the findings for itself before it provides the results, thus eliminating the need for our consultants to spend time chasing down false positive findings,” said the president of DirectDefense, Jim Broome. “This lets our consultants focus on refining their testing and validation of existing vulnerabilities and provide quicker results to our customers.”
Speed, automation and accuracy are some of the reasons why a security firm such as DirectDefense uses an automated web vulnerability scanner, and as per Mr Broome’s words, Netsparker has it all:
Speed: It is easy to configure and is one of the faster scanners with regard to scan completion.
Automation: Netsparker is easy to automate and can successfully complete batch scans of hundreds of websites and web applications.
Accuracy: Netsparker produces accurate results time and time again, and when it's not 100% sure on a finding, it tells you so. This allows a tester or a consultant to focus on which areas to validate and which areas already have proof of a vulnerability.
Accuracy and adaptability are as important as speed and automation when your clientele consists of major banks and financial institutions. Having such a varied clientele, DirectDefense has seen it all. As Mr Broome says, “You name it, we have scanned it!” It could be a .NET, PHP, Spring, Struts or Java web application running on Apache, Nginx or IIS. DirectDefense has seen it and scanned it with Netsparker.
“Netsparker consistently finds and validates SQL injection vulnerabilities faster than any scanner we have ever used. Be it a banking application or a cloud-based CRM application, we recommend continual testing, and Netsparker is such a tool to assist with meeting these requirements,” stated DirectDefense’s president.
Using the right security tools is a must when scanning web applications if you do not want to miss a vulnerability. A malicious attacker only needs to exploit a single vulnerability to gain unauthorized access to the web application and the sensitive data it stores. Web application security is a critical business and one should not forge ahead alone. Hence world-class support is another vital requirement that security experts such as DirectDefense have when choosing their tools.
The Netsparker support department is known for its world-class support, and Mr Broome confirms this. “Yes, if you have a complex issue or even one that is simple to resolve, the Netsparker support staff is there. Don’t be surprised if you get emailed from Ferruh (the CEO) with recommendations and suggestions.”
He couldn’t have said it better. We strive to deliver world-class support, and if need be even our CEO, who is a seasoned penetration tester himself, gets involved in support tickets.
Founded in 2011, DirectDefense offers security services that are unmatched within the industry. Our core strength is our deep experience in performing assessments for a wide array of networks, platforms, and applications. Our seasoned consultants are focused on providing world-class security services to our clients.
Regardless of industry – financial, insurance, retail, hospitality, healthcare, education, gaming, technology, or energy and utilities, our wealth of knowledge and experience can assist you in achieving your security testing and strategy goals.
Netsparker Ltd is a young and enthusiastic UK-based company focused on developing automated web security products, mainly the false-positive free web application security scanners Netsparker Desktop and Netsparker Cloud. Netsparker management and engineers have more than two decades of experience in the web application security industry, which is reflected in their products. Netsparker was founded in 2009, and its automated web vulnerability scanners are the leading security tools, used by world renowned companies such as Samsung, NASA, Microsoft, ING bank and Ernst & Young.