"We like Netsparker not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself)."
Scanning web applications at scale is one of the harder challenges any web security professional faces. In this interview, Sumeru's Lead Penetration Tester explains why he chose Netsparker over other scanners to manage, automate and accelerate the security scanning of their clients' websites.
Can you tell us a little about Sumeru Solutions and your role within the company?
Sure, I’m an Information Security Analyst with Sumeru. We’ve been in the Information Technology Services business for a little over a decade. We actually started out quite small – just 3-4 individuals making great software.
We now have clients worldwide – 22 countries to be exact – who rely on us for their web application services, information security and business process management needs.
Our clients include entrepreneurs, banks, hotels, airlines, political parties and more. We’re very passionate about what we do and have a strong sense of purpose.
We presently have three offices: one in the US, one in the UK and one in India. We also have a joint venture office in Africa.
As far as certifications go, we are a Microsoft Gold Certified Partner, CERT-In as well as an ISO 27001 Certified Company.
Can you share some information about your decision to use Netsparker?
We started using Netsparker in 2013 with the intention of automating and speeding up our web scanning process to find vulnerabilities. We have since made automated vulnerability scanning a part of our regular pen testing process.
Prior to using Netsparker, we were performing manual testing for critical flaws and implementing web firewalls. However, because we manage a tremendous amount of critical customer data and sensitive information, finding a way to make our scanning process as consistent and reliable as possible was a top priority.
We did take some time to test other web application security scanners and found that set-up time and reliability were not really comparable to Netsparker.
What can you tell us about your current use of Netsparker?
Obviously, after 10 years in business, we have developed some very consistent practices and procedures.
We currently use Netsparker five days per week and scan four different web applications on a revolving basis. These consist of both civilian and government applications built on a variety of web frameworks and running on different types of servers. Netsparker handles this variety with ease.
Did Netsparker discover any vulnerabilities that you’re comfortable disclosing?
Yes! In several critical applications, Netsparker was able to identify both SQL injection and code execution vulnerabilities, two vulnerability types it’s very good at discovering.
Have you had an opportunity or need to call our customer service or sales teams? How was that experience?
Yes we have and we’ve always found the customer service to be entirely satisfactory – exactly what we would expect from such a mission-critical part of our business.
If you had to summarize Netsparker in just a single sentence, what would you say?
Netsparker is our tool of choice for scanning large web applications and it’s great at finding SQL Injection vulnerabilities.