"Like everyone else we evaluated Netsparker along with a number of other commercial scanners, though we immediately noticed that Netsparker was what we were looking for," Henk-Jan, SECWATCH Founder.
SECWATCH is a Dutch based company that provides penetration testing, security auditing and compliance checks to a variety of organizations in Holland and abroad, ranging from small businesses to enterprises. They have been leading the security industry for a number of years now because of their unique approach, and the clear and practical advice and remediation suggestions they provide to their customers.
The Challenge to Provide Efficient and Affordable Web Application Security Audits
As part of their service offerings, SECWATCH does web application security audits. Originally the company started off by using a combination of open source web security tools and manual web application security audits.
As the demand for their web security services grew, and the web applications they were auditing became bigger and more complex, they encountered two main pitfalls:
- Security tests were taking much longer to complete, thus becoming unaffordable.
- The open source tools did not cope well with the size and complexity of the enterprise level web applications they were auditing.
- Professional and reliable support was not available for the open source tools they were using.
"We were doing manual web security audits with a variety of open source security scanners and manual validation testing. As web applications became more complex, we noticed that the tools started reporting a lot of both false positives and false negatives," said Henk-Jan, Founder of SECWATCH.
"The scan results that the tools were producing impacted our procedures and also our prices. The more complex the web applications were, the more time we were spending to perform manual checks of the scanners' results, making the whole process too complex and expensive," he added.
Moving Towards Automated and Cost Effective Web Vulnerability Scanning
Because of the problems SECWATCH were encountering while delivering their web application security services, and to ensure they could continue to provide top quality service at an affordable price, they had to look for an automated web vulnerability scanner.
Like many other organizations who needed such a tool, SECWATCH were not just looking for a good web vulnerability scanner; they were looking for a complete solution.
They needed a software that enabled them to automate the process and save time by producing accurate results, and a software company that was always there when they needed support.
Switching to Netsparker Web Application Security Scanner
"Like everyone else we evaluated Netsparker along with a number of other commercial scanners, though we immediately noticed that Netsparker was what we were looking for," said Henk-Jan.
"To start off with, it detected web vulnerabilities that other solutions did not detect. It is easy to use and setup, it generates easy to read findings and reports that we can implement into our base workflows. Netsparker pricing also allowed us to keep on providing web security audits, which include manual testing and validation at an affordable price," he explained.
Sticking to Netsparker Web Application Security Scanner
As many security professionals know well, web application security is not a straightforward business. So when buying a web vulnerability scanner it is not just about how good the scanner is, and how many vulnerabilities it can detect, but it is also about the support the software company can provide you with and the continuous development of the scanner.
SECWATCH has been using Netsparker alongside several other tools for over three years, with Netsparker being the leading tool for web security audits. They do not intend to switch to another solution any time soon, because as Henk-Jan states: "We have contacted Netsparker support several times, because when using such an advanced tool it is normal to question some things, or even some results sometimes. Netsparker's support response has always been beyond expectation in terms of time, availability and providing the actual solution".
Netsparker also releases updates and new product versions frequently to ensure that all of its users can stay a step ahead of malicious attackers.
Each new update and version contains new web application security tests and a number of features that enables its users to automate the process as much as possible.
SECWATCH specializes in providing solutions for information and network security. SECWATCH unique approach and vision ensures that your business is optimally protected. SECWATCH not only look at the hardware and software solutions, but also to the organizational aspects, such as a solid security and enforcement. SECWATCH sees information security as an integral business process and therefore in addition to technical recommendations they give advice in the areas of management, organizational and business structure. And this makes SECWATCH approach unique in the industry.