Behind their deceptively simple user interface, the Netsparker web security scanners host an advanced suite of scanning technologies that can probe deep into your web application, identifying security flaws and exploitable vulnerabilities that other products merely leave to chance.
This allows Netsparker to successfully crawl and interpret modern HTML5 and Web 2.0 web applications that rely on client-side scripting, including custom code execution, AJAX operations or page content that is dynamically created using well-known frameworks such as jQuery and AngularJS.
Nearly every web application uses authentication, so it is essential that a web security scanner is able to access pages that require authentication. The Netsparker scanners address this need by including an easy-to-configure authentication module that allows web application authentication credentials to be configured without the need to record any login macros. Netsparker supports the following authentication methods:
Many web applications incorporate protection mechanisms to guard against CSRF (Cross-site Request Forgery) attacks. However, most other web application security scanners are unable to successfully scan pages that use such mechanisms, rendering them ineffective at auditing the security of such websites.
Netsparker addresses this challenge by automatically getting a new Anti-CSRF token before carrying out requests, enabling it to offer the only complete and automated web application security scanning solution for this scenario.
Although very popular with modern web applications, custom 404 error pages are misinterpreted by most automated web security scanners and are typically reported as vulnerabilities, or can cause a scanner to report false positives.
On the other hand, the Netsparker web application security scanners will automatically detect and properly handle custom 404 error pages and can automatically detect and report vulnerabilities in them.
You do not need to have access to a website's configuration or know how to write Regular Expressions to scan a website which uses URL Rewrite. Netsparker scanners can heuristically detect URL Rewrite patterns and automatically configure themselves to properly crawl and scan all the parameters on the target web applications.
Should you want to configure your own URL Rewrite rules, you can override the automation and configure them via a user-friendly wizard. Unlike with other security scanners, configuring URL Rewrite rules in Netsparker is as easy as ABC: simply launch the wizard, specify a sample URL and select the parameters' names. The rest is all automated.
For more information about URL Rewrite rules and why you should configure them when scanning web applications, read "URL Rewrite Rules and Web Vulnerability Scanners".