Scanners can only check assets that they know about and can access, so accurate vulnerability scanning starts with crawling and authentication. Netsparker combines advanced crawling technologies with broad support for industry-standard authentication methods to analyze every asset and identify entry points that could be used by attackers. This ensures maximum test coverage, so you know that every corner of your application has been checked.
The Netsparker crawler comes with a host of advanced features that improve visibility, security, and usability.
Scanning assets that require authentication is challenging for many vulnerability scanners. Even products with some support for automated login often struggle with custom forms or single sign-on (SSO). Netsparker comes with an easy-to-configure authentication module that allows it to fully access and scan protected web applications and website sections. Supported authentication methods include automated login form submission (including multi-field custom forms) and many other popular schemes, such as OAuth2, NTLM/Kerberos, basic HTTP authentication, and more.
Netsparker’s extensive support for authenticated scanning means you can test applications in their ready-to-run configuration, including any authentication, both in staging and production environments. Less advanced scanners might skip restricted sections, potentially leaving unchecked vulnerabilities, or require workarounds such as scanning with authentication disabled. Netsparker scans the entire application in exactly the same way that a real-life attacker would probe it after obtaining illicit access. That way, you can have full confidence in your scan coverage and results.