After a good number of months of late nights and endless supply of coffee, many beta testers and discussions about adding or removing specific features, we are happy to announce that Netsparker Cloud, the new online web application security scanner is officially released and available for all of you.
The name says it all; Netsparker Cloud is an online web application security scanner built on top of AWS (Amazon Web Services), guaranteeing the best possible performance and scalability. You can scan hundreds or thousands of web application in just a few hours and all the results will be correlated, easy to access and act on.
The service uses the already proven scanning technology of the desktop edition of Netsparker. Therefore we guarantee you that it will detect the most vulnerabilities, as shown in Shay Chen’s last independent web vulnerability scanners comparison, and it reports no false positives.
Another online web security scanner on the market? No, Netsparker Cloud is different. It brings a lot to the table especially for large organizations who would like to ensure the security of hundreds and even thousands of websites and web applications. Netsparker Cloud can also be used by small businesses, though as explained in this post it has a good number of features that help organizations ease the job of securing their web applications.
Even though easy to use products and false positive free web security scanning technology has become synonymous with the Netsparker brand, it is still very important to talk a bit about them and to remind users and business owners how much their organization can benefit from such features.
Web application security is not exactly a straightforward process, hence by using easy to use products you ensure that you and your team can focus on securing web applications and not figuring out how to use the tools.
Once we are speaking about ease of use of security tools, allow me to show you how you can configure form authentication, so Netsparker Cloud can scan a password protected area in your website. Most probably you have seen how it works with other tools, where you have to record a login macro, or contact support to configure it for you. With Netsparker Cloud it is as simple as specifying the login form URL and username and password and the service will figure out everything by itself.
If you are using Client Certificate, NTLM, Basic or Digest authentication simply tick the checkbox and specify the credentials. Yes it is that simple.
Every security professional will tell you that false positives are a big detriment in the web application security industry. If you use a tool that reports a lot of false positives that you have to manually verify, then what is the use of automating the process? Might as well audit the web application manually, which is of course an impossible feat considering the complexity and size of today’s web applications. And we designed Netsparker’s scanning technology, which is used in both Netsparker Cloud and Desktop with this in mind. Hence Netsparker Cloud is a false positive free online web security scanning service.
One of the biggest problems in the security process is bringing everyone to the speed, keeping developers responsible and having a good communication channel between security and developments teams good. Since it is a multi-user platform, Netsparker Cloud allows teams in large organizations easily collaborate between them to ensure that all web applications are scanned and all identified vulnerabilities are closed down.
There is no limit to how many users you can create for each account and the main account holder can configure different privileges for each created user, ensuring that every user only has access to what they need to do the job. Refer to Ease Collaboration and Improve Productivity with Netsparker Cloud for more information on the multi-user feature.
Netsparker Cloud has a built in vulnerability management system which allows team members to assign vulnerabilities as tasks to others, thus ensuring everyone knows what needs to be done. Similar to a bug tracking system, this feature really helps in ensuring all vulnerabilities are remedied.
Once a vulnerability is marked as fixed Netsparker Cloud will automatically scan the web application to ensure the fix. Should it not be fixed, the task will be automatically reassigned to the developer. Read Vulnerability Management and Remediation for more information on this handy feature. And if instead you would like to continue using your existing bug tracking system, that is fine as well as Netsparker Cloud can be easily integrated with it.
Even though Netsparker Cloud is an online service it is a fully configurable online web security scanning service. In terms of configuration it is the same as Netsparker Desktop, there are no limitations to the type of scan settings you can configure, or which scan policy or URL rewrite rules to use for a web vulnerability scan.
In Netsparker Cloud you can create and use groups to group websites. By grouping websites you can configure specific scan policies and settings that can be used to scan the websites, or scan a group of websites at the same time. Groups also allow you to easily get an overview of the security state of a number of websites in the group, rather than having to manually sift through thousands of scan results.
Integrating Netsparker Cloud in your SDLC and Continuous Development is very easy and secure; an API token is used for each user and all type of actions such as launching a new web application security scan and getting the results of a scan can be triggered via the API. Detailed API documentation is available in Netsparker Cloud.
The above list is just an overview of what is new in Netsparker Cloud. See for yourself how much time and resources your business can save when using Netsparker Cloud to ensure the security of all websites and web applications. Apply for a Netsparker Cloud trial and your region’s product specialist will get in touch and sort out a free full trial.
As much as we are happy with this new release of Netsparker Cloud, we are also excited with what lies ahead. Even though we are confident that Netsparker Cloud has already raised the bar for online web application security scanners, we are sure that there is a lot that still needs to be done therefore we would like to hear from you. Go ahead and apply for a Netsparker Cloud trial and let us know what you think of it. Visit the Netsparker Cloud product page and Netsparker Cloud benefits page for more information about the features of Netsparker cloud and the benefits your business can take advantage of when securing web applications with Netsparker Cloud.