Benefits of Netsparker

Trying Netsparker is easy and completely free. Just click the button at the right to claim your 15-day evaluation copy of Netsparker Professional. No payment is required and we will not ask for your credit card details.


Advanced Scanning Technology

Behind their deceptively simple user interface, the Netsparker web security scanners host an advanced suite of scanning technologies that can probe deep into your web application, identifying security flaws and exploitable vulnerabilities that other products merely leave to chance.

AJAX/JAVASCRIPT SUPPORT

As part of its response parsing mechanism, Netsparker incorporates a JavaScript engine that can parse, execute and analyze the output of JavaScript.

This allows Netsparker to successfully crawl and interpret modern HTML5 and Web 2.0 web applications that rely on client-side scripting, including custom code execution, AJAX operations or page content that is dynamically created using well-known frameworks such as jQuery and AngularJS.

AUTHENTICATION

Nearly every web application uses authentication, so it is essential that a web security scanner is able to access pages that require authentication. The Netsparker scanners address this need by including an easy-to-configure authentication module that allows web application authentication credentials to be configured without the need to record any login macros. Netsparker supports the following authentication methods:

  • Basic Authentication
  • Form Authentication
  • NTLM Authentication
  • Digest Authentication
  • Kerberos Authentication
  • SSL Client Certificate Authentication

ANTI-CSRF TOKEN SUPPORT

Many web applications incorporate protection mechanisms to guard against CSRF (Cross-site Request Forgery) attacks. However, most other web application security scanners are unable to successfully scan pages that use such mechanisms, rendering them ineffective at auditing the security of such websites.

Netsparker addresses this challenge by automatically getting a new Anti-CSRF token before carrying out requests, enabling it to offer the only complete and automated web application security scanning solution for this scenario.

AUTOMATIC DETECTION OF CUSTOM 404 ERROR PAGES

Although very popular with modern web applications, custom 404 error pages are misinterpreted by most automated web security scanners and are typically reported as vulnerabilities, or can cause a scanner to report false positives.

On the other hand, the Netsparker web application security scanners will automatically detect and properly handle custom 404 error pages and can automatically detect and report vulnerabilities in them.

HEURISTIC & AUTOMATED DETECTION OF URL REWRITES

You do not need to have access to a website’s configuration or know how to write Regular Expressions to scan a website which uses URL Rewrite. Netsparker scanners can heuristically detect URL Rewrite patterns and automatically configure themselves to properly crawl and scan all the parameters on the target web applications.

EASILY CONFIGURE URL REWRITE RULES TO SCAN PARAMETERS IN URL

Should you want to configure your own URL Rewrite rules, you can override the automation and configure them via a user-friendly wizard. Unlike with other security scanners, configuring URL rewrite rules in Netsparker is as easy as ABC: simply launch the wizard, specify a sample URL and select the parameters’ names. The rest is all automated.

For more information about URL Rewrite Rules and why you should configure them when scanning web applications, read “URL Rewrite Rules and Web Vulnerability Scanners”.