Each Netsparker license comes with access to Netsparker Standard – a downloadable set of advanced tools that you can run in a local environment for manual vulnerability testing and troubleshooting. This gives your security professionals the ability to test assets that, for a variety of reasons, cannot or should not be scanned fully automatically, and to dive deeper into the root causes of vulnerabilities. You can also run the scanner locally in proxy mode to replay requests and reuse existing test automation.
Your security engineers can use Netsparker Standard to manually investigate issues detected by Netsparker or run their own vulnerability assessments on local systems, including the option of crafting custom checks and attack payloads. Netsparker Standard comes with a host of advanced tools to make this easier and more effective, including an HTTP request builder, encoding and decoding tools, and a ViewState viewer for .NET applications. It also has a full scanning engine for vulnerability testing in local environments.
Netsparker Standard includes advanced manual features such as the ability to retest only specific vulnerabilities or exclude selected assets from the test attacks. To allow testing in environments that require user interaction to authenticate, manual authentication using smart cards is supported, as are interactive login flows. For scenarios where manually guided crawling is needed, you can run the local Netsparker scanner in proxy mode.
Guided operation in proxy mode includes the ability to import and replay HTTP requests recorded using tools such as Fiddler and Postman for use as login flows (with automatic logout detection) or scanning sequences. You can also use Selenium scripts to guide the scanning process, allowing you to reuse UI testing resources and integrate scanning into existing test suites. A command-line interface is available to control scanner operations from PowerShell scripts.
Centralized vulnerability management and visibility is a fundamental Netsparker advantage. If needed, scan results from Netsparker Standard can be automatically uploaded to the central Netsparker server. When testing air-gapped or otherwise isolated environments, you can manually export results and then seamlessly incorporate them into your central vulnerability management view. To maintain a complete picture of your environment, you can also view your Netsparker scan results in Netsparker Standard.