“About 4 years ago, my team brought Netsparker to my attention and we took it for a spin during a real live penetration test. It did outperform the other established tools we were using in terms of ease of use and also web application vulnerabilities detection rate. It was a breath of fresh air. We found it to be a light, fast and reliable tool with hassle free licensing.” K. K. Mookhey, Network Intelligence’s Founder & Director
Network Intelligence is an ISO 27001 certified PCI DSS QSA, and a well-established provider of information security services and products. Established in 2001, Network Intelligence has a strong reputation of providing top notch information security consultancy, 24/7 security monitoring, and product implementation services to industry leaders both in the Asia-Pacific region as well as other parts of the globe. Their client list includes companies across several different verticals such as banking and financial services, software services, pharmaceutical, telecom, and manufacturing, e-commerce, and government departments.
Network Intelligence’s primary source of income and forte are web application security services.
They do penetration tests and identify vulnerabilities and security flaws in their customers’ websites and web applications. Such a job has a huge responsibility: they cannot afford to miss one single vulnerability, because if a customer’s website is hacked, the repercussions can have a catastrophic effect on their business.
Even though Network Intelligence always did a meticulous job and left no stone unturned when doing a penetration test, they could not afford to not automate some of their processes, especially if they wanted to offer a competitive price and keep up with the demand. Therefore, in their early stages, and for a good number of years, they used automated web security tools; although they encountered several problems which they continuously tried to address.
Most of the security tools they tried were cryptic and difficult to use. Some had a better vulnerability detection rate than the others, but none of them really did the job properly, not to mention that most of them reported false positives. Hence, their concern was that they were spending more time working on the configuration of the tools and verifying their results rather than doing the job and providing the customer with an affordable web application security service and an accurate report.
The requirement that Network Intelligence had when it comes to web application security scanning and services was very simple: to identify all web application vulnerabilities and security flaws.
“Throughout the years we used a number of automated security tools, but we were never really satisfied with their overall performance, hence as soon as we knew about a new automated web application security scanner we wanted to test it to see if it could perform better than the tools we were already using,” said K. K. Mookhey, Network Intelligence’s Founder & Director.
“About four years ago, my team brought Netsparker to my attention and we took it for a spin during a real live penetration test. It did outperform the other established tools we were using in terms of ease of use and also web application vulnerabilities detection rate. It was a breath of fresh air. We found it to be a light, fast and reliable tool with hassle free licensing,” he added.
“Network Intelligence has been using Netsparker for over four years in conjunction with another tool or two, but most of the other automated tools have been discarded because Netsparker was the perfect match,” explained Mookhey.
Network Intelligence scans thousands of websites and custom-built web applications each year and can only keep up with the demand to detect all technical web application vulnerabilities and security flaws thanks to Netsparker’s automation.
“The exploitation engine is a very handy tool,” added Taufiq Ali, Manager (Security Assessment) at Network Intelligence.
“We use it to validate the issues there and then, and to also show the customers the impact a vulnerability can have, without the need of setting up a simulation in a lab," Ali concluded.
The web application industry is a very dynamic one; there is a wide variety of web server software to choose from and a much wider choice when it comes to web frameworks and development languages. And the list keeps on growing every few years, if not months!
Hence, with such a wide variety of customers from different verticals, Network Intelligence encounters them all; Apache, NginX, IIS, Tomcat, JAVA, PHP, .NET, JSF and many others.
This was another deciding factor for them when choosing an automated tool. Could Netsparker scan all these different web applications built with different frameworks and running on a variety of web servers? The answer is a solid YES. Proof of it is that Network Intelligence has been using Netsparker for over four years now.
As most professionals know, having good software means nothing without good support, especially in the web security industry. Things can get quite complicated and you do not want to end up with your back against the wall while working on a critical penetration test.
First-rate support is another reason why Network Intelligence stuck to Netsparker. As K.K. Mookhey says: “The support from Ferruh and his team has always been positive. The responses are almost prompt and always appropriate.”
Netsparker Web Application Security Scanner is an industry leading automated web application security scanner developed by Netsparker Ltd. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product. Netsparker is a very easy to use web application security scanner that automates most of the web application security scanning. An out of the box installation of Netsparker is able to scan a wide variety of web applications, therefore web security experts, penetration testers and QA engineers do not need to spend countless amount of hours tweaking and configuring the software. Netsparker is revolutionising web application security by being the only web application security scanner to automatically verify detected web vulnerabilities, thus reporting no false positives. Netsparker is used by world renowned companies such as Samsung, NASA, Skype, ING, ISACA and Ernst & Young.
Network Intelligence is an ISO 27001 certified PCI DSS QSA, well-established provider of information security services and products from India. Incorporated in July 2001, we have established a reputation of providing top notch information security consultancy to industry leaders both in the Asia-Pacific region as well as other parts of the globe. Our client list includes companies across verticals such as banking and financial services, software services, pharmaceutical, telecom, manufacturing, e-commerce, and government departments. Our consultants possess the requisite industry certifications, but more importantly they are equipped with a wide range of skills covering different technologies and environments.