Easy to use so you can start scanning within seconds.
Fully automated DAST solution that scans any type of web application.
Proof-Based Scanning™ to automatically verify identified vulnerabilities.
Complete solution that can be integrated in your environment.
On-premises desktop web vulnerability scanner with advanced penetration testing tools and reporting utilities – a fully configurable tool that is ideal for individual security professionals and developers who manage the security of only a handful of websites.
Scalable, multi-user web application security solution with built-in workflow and reporting tools that is ideal for security teams and enterprises. It is available as a hosted and self-hosted solution and can be fully integrated in any development or testing environment.
Netsparker uses a Chrome-based crawling engine. It can crawl and scan any type of modern and custom web application including HTML5, Web 2.0 and Single Page Applications (SPA).
With Netsparker, you can launch an automated web vulnerability scan within seconds because you need only to configure credentials if you are scanning a website behind a login page. Everything else is automated, including the heuristic detection of URL rewrite rules, custom 404 error pages and anti-CSRF tokens.
Netsparker pioneered Proof-Based Scanning™, a technology that automatically verifies identified vulnerabilities, demonstrating that they are real and not false positives. It verifies them by generating a proof of exploit with the following results:
Traditional DAST (Dynamic Application Security Testing) solutions can only detect vulnerabilities by sending a request to the target and analyzing the response. This limits their detection capabilities to a smaller number of web application vulnerabilities.
The Netsparker web application security solution supersedes traditional vulnerability scanning techniques. It uses the Netsparker Hawk vulnerability testing infrastructure to identify even the most complex vulnerabilities, such as Server Side Request Forgery (SSRF) and Out-of-Band and Second Order vulnerabilities.
Even though the Netsparker web application security solution is easy to use and fully automated, it is still entirely configurable. Every feature and aspect of the scan, including automated ones, is customisable.
Prior to launching a scan, you can configure the scan scope to instruct the scanner how to crawl the website. You can also configure the scan policy to determine which security checks should run during the scan, along with custom cookies, anti-CSRF tokens, custom HTTP headers and more.
While the majority of technical security issues can be automatically identified and exploited, logical vulnerabilities can only be identified manually. This is why you need the right tool for the job – something that extends the capabilities of a traditional automated web vulnerability scanner.
Even though Netsparker is an automated solution, it has all the penetration testing tools you need to help you conduct a thorough security assessment of your target web application. It includes a manual crawler, a controlled scan feature, an HTTP request builder and several other tools that make it the ultimate web security toolkit.
Many professionals dread creating and reading reports, yet they are part of our modern work environment. Developers need technical reports to understand and remediate issues; management use reports to help them allocate resources wisely, manage the team and approve projects and workflows; and auditors want reports to ensure the web application adheres to regulatory guidelines.
The Netsparker web application security scanner has a built-in reporting tool to help you generate any type of report you want, including compliance reports for PCI DSS, HIPAA and OWASP Top 10. You can also export scan data in XML, CSV and other file formats that can be easily parsed by other tools.
A traditional DAST solution does not allow you to truly scale up and scan thousands of web applications. Your team would need weeks to configure it and manually verify the identified vulnerabilities, which makes it an infeasible solution.
With Netsparker’s exclusive pre-scan automation and Proof-Based Scanning™ technology you can easily scale up. Within a matter of hours, you can detect vulnerabilities and have the informed and accurate results developers need to start fixing issues. Netsparker automatically verifies the identified vulnerabilities so your team does not have to manually verify them.
Netsparker uses a Chrome-based crawling engine. It can crawl and scan any web application regardless of the technology it is built with. It can scan HTML5, Web 2.0 Applications, Single Page Applications (SPA) and any other type of application that relies heavily on client-side technology.
It can also scan password protected websites and supports all popular authentication mechanisms used on the web, including form authentication, client certificate authentication and smart card authentication.
Netsparker can also identify and scan legacy and off-the-shelf web applications, such as WordPress and Drupal, as well as libraries and frameworks such as AngularJS and jQuery.
Traditional DAST (Dynamic Application Security Testing) solutions can only detect vulnerabilities by sending a request to the target and analyzing the response. This restricts their detection capabilities to a limited number of web application vulnerabilities.
The Netsparker web application security solution surpasses traditional vulnerability scanning. It uses Netsparker Hawk's vulnerability testing infrastructure to identify even the most complex vulnerabilities, such as Server Side Request Forgery (SSRF), Out-of-Band and Second Order vulnerabilities.
Stop stressing about vulnerability triage, micromanaging issues and delegating fixes. Netsparker can automatically post issues to your issue tracking systems and assign them to the developer who committed the code, instantly alerting them of security flaws in their code.
Netsparker also automatically checks developer fixes, so most of the post scan and vulnerability triage processes are automated. By automating your organization’s workflow:
By integrating Netsparker in your SDLC, DevOps or any other environment, you create a closed-loop web application security solution. This means that scans are launched automatically on code commits, issues are reported automatically and assigned to the developer who committed the code, and fixes are also checked automatically.
This continuous web security assessment setup, our tailored workflow tools and the reports that allow management to stay on top of web application security work together to guarantee that web applications, web services and APIs are secure all year round.
Web application security is a process, not a one-off fix. This is why Netsparker's dashboard reports highlight the state of security of websites over a period of time, rather than simply showing the result of a single scan carried out at one point in time. These reports provide an illustrated insight into vulnerability data and trends, affording managers a better understanding of both individual developers' productivity and the organisation's progress as a whole.
On the other hand, issue reports are very detailed and specific. They include all the technical details developers need to understand the vulnerability. These technical reports also include practical, remedial recommendations for developers.