Scanning web applications at scale is arguably one of the more confronting challenges for any web security professional. This interview, with Sumeru's Lead Penetration Tester, explains why he selected Netsparker above other solutions, to manage, automate and accelerate the security scanning of their clients' websites.
Sure, I’m an Information Security Analyst with Sumeru. We’ve been in the Information Technology Services business for a little over a decade. We actually started out quite small – just 3-4 individuals making great software.
We now have clients worldwide – 22 countries to be exact – who rely on us for their web application services, information security and business process management needs.
Our clients include entrepreneurs, banks, hotels, airlines, political parties and more. We’re very passionate about what we do and have a strong sense of purpose.
We presently have three offices: one in the US, one in the UK and one in India. We also have a joint venture office in Africa.
As far as certifications go, we are a Microsoft Gold Certified Partner, CERT-In empanelled, as well as an ISO 27001 Certified Company.
We started using Netsparker in 2013 with the intention of automating and speeding up our web scanning process to find vulnerabilities. We have since made automated vulnerability scanning a part of our regular pen testing process.
Prior to using Netsparker, we were performing manual testing for critical flaws and implementing web firewalls. However, because we manage a tremendous amount of critical customer data and sensitive information, finding a way to make our scanning process as consistent and reliable as possible was a top priority.
We did take some time to test other web application security scanners and found that set-up time and reliability were not really comparable to Netsparker.
Obviously, after 10 years in business, we have developed some very consistent practices and procedures.
We currently use Netsparker five days per week and scan four different web applications on a revolving basis. These consist of both civilian and government applications built on a variety of web frameworks and running on different types of servers. Netsparker handles this variety with ease.
Yes! In several critical applications, Netsparker was able to identify both SQL injection and code execution vulnerabilities, two vulnerability types it’s very good at discovering.
Yes, we have, and we’ve always found the customer service to be entirely satisfactory – exactly what we would expect from such a mission-critical part of our business.
Netsparker is our tool of choice for scanning large web applications and it’s great at finding SQL Injection vulnerabilities.
“Netsparker are not just another vendor from where we purchase any other software, they are like business partners. We have to trust their products do a good job to ensure the security of our cloud-based platforms, else our business’ reputation could be on the line. And Netsparker have earned such trust.”
"As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application..."
"At inFactor, we believe that our security-focused culture is fundamental in helping protect our platform and customers. Netsparker enables our team to quickly identify vulnerabilities by launching scans after code gets committed. This is vital in helping us ensure we catch vulnerabilities early in our development process."