Scan All Your Web Assets

Outdated and forgotten web applications in complex enterprise networks and web farms are often used by cybercriminals to launch attacks. To help you find, scan, and secure all of your web assets, Netsparker provides robust functionality for discovery, crawling, and authentication.


As soon as you register with Netsparker, the Application and Service Discovery feature automatically begins suggesting websites and web applications that might belong or relate to your organization. This is a vital pre-scan step that helps you find all your web assets and decide which of them should be scanned and with what settings.

Application and service discovery settings in Netsparker
Netsparker supports many popular web development frameworks and languages


After discovery, Netsparker uses advanced crawling technologies to analyze each asset and identify entry points that could be used by attackers. With its dedicated JavaScript engine, Netsparker can parse, execute, and analyze JavaScript output to successfully crawl and interpret modern HTML5, Web 2.0 and Single Page Applications (SPAs) that rely heavily on client-side scripting. This includes page content that is dynamically generated using popular frameworks such as jQuery and AngularJS.

Netsparker's automatic crawling functionality includes:

  • Anti-CSRF token support to scan websites that have CSRF (Cross-Site Request Forgery) attack protection
  • Automatic detection and scanning of custom 404 error pages
  • Heuristic and automated detection of URL rewrites to crawl and scan all web application parameters


Scanning password-protected websites is challenging for many vulnerability scanners. Netsparker provides an easy-to-configure authentication module that allows it to access and scan password-protected web applications and website sections. Credentials are configured without the need to record login macros. Netsparker supports Basic, Form-based, NTLM, Digest, Kerberos, Client Certificate, and Smart Card authentication.

Configuring login form authentication in Netsparker

Save your security team hundreds of hours with Netsparker’s web security scanner.

Get a demo