A false positive is like a false alarm; the web application security scanner indicates that your website is vulnerable when it is not. False positives prolong and hinder the process of securing web applications since a manual follow-up is needed to verify all the vulnerabilities the scanner has detected. Therefore the allocated time is spent manually verifying false positives rather than securing the websites, web applications and web services.
To eliminate the time-consuming and difficult process of manually verifying the scanner's findings and ensuring there are no false positives, Netsparker has been designed from the ground up to go beyond what other web application security scanners do; it actively confirms whether the identified web vulnerabilities are real or not. In other words, Netsparker simulates a real penetration tester.
Netsparker dynamically executes custom attacks to exploit suspected vulnerabilities in a safe and non-destructive manner. Netsparker is able to conclusively prove that an identified web application vulnerability is real and also generates either a Proof of Exploit or Proof of Concept. If Netsparker is unable to absolutely confirm a vulnerability, the vulnerability is marked as “Possible”, which indicates that it requires manual verification. If Netsparker marks a vulnerability as confirmed, you can trust it.
The result: Dead accurate Web Application Security Scans and Reports.
Read Proof-Based Scanning™ for a more detailed explanation of this unique and cutting-edge technology and watch the short video below for an overview of how it works.
Apply for a free trial of Netsparker Cloud. No payment is required and we will not ask for your credit card details.