Access and Test Every Part of Your Application

Scanners can only check assets that they know about and can access, so accurate vulnerability scanning starts with crawling and authentication. Netsparker combines advanced crawling technologies with broad support for industry-standard authentication methods to analyze every asset and identify entry points that could be used by attackers. This ensures maximum test coverage, so you know that every corner of your application has been checked.

Accurately Crawl Modern Web Applications

After the discovery phase, Netsparker uses its advanced crawler to explore all links, forms, and UI elements on every page. The crawler can even navigate and submit discovered forms to map out the complete navigation tree. With its dedicated JavaScript engine, Netsparker can parse, execute, and analyze JavaScript output to successfully crawl and interpret modern single-page applications (SPAs) that rely heavily on client-side scripting. This includes page content that is entirely generated dynamically using popular frameworks such as jQuery and AngularJS.

Benefit from Advanced Crawling Functionality

The Netsparker crawler comes with a host of advanced features that improve visibility, security, and usability:

  • Support for anti-CSRF mechanisms: You can easily configure Netsparker to crawl and scan websites that use anti-CSRF tokens or another type of CSRF (Cross-Site Request Forgery) attack protection.
  • Improved discovery: If previously unknown domains are discovered while crawling links and forms, Netsparker can add them to the discovery module configuration to improve visibility.
  • Minimal manual setup for custom error pages: Netsparker can automatically detect and scan custom 404 error pages to reduce noise in the results without extra manual work.
  • Maximized coverage with URL rewriting: The crawler detects URL rewrites and intelligently infers rewrite rules to make sure that all web application parameters are crawled and scanned.

Easily Configure and Customize Authentication

Scanning assets that require authentication is challenging for many vulnerability scanners. Even products with some support for automated login often struggle with custom forms or single sign-on (SSO). Netsparker comes with an easy-to-configure authentication module that allows it to fully access and scan protected web applications and website sections. Supported authentication methods include automated login form submission (including multi-field custom forms) and many other popular schemes, such as OAuth2, NTLM/Kerberos, basic HTTP authentication, and more.

Run Authenticated Scans on Production-Ready Applications

Netsparker’s extensive support for authenticated scanning means you can test applications in their ready-to-run configuration, including any authentication, both in staging and production environments. Less advanced scanners might skip restricted sections, potentially leaving unchecked vulnerabilities, or require workarounds such as scanning with authentication disabled. Netsparker scans the entire application in exactly the same way that a real-life attacker would probe it after obtaining illicit access. That way, you can have full confidence in your scan coverage and results.

Save your security team hundreds of hours with
Netsparker’s web security scanner.

Get a demo See how it works