Netsparker can identify more than just low hanging type vulnerabilities in web applications. It can also identify the most complex of vulnerabilities such as:
These type of vulnerabilities cannot be identified via the typical request-response approach that black box web vulnerability scanners (DAST) use. In fact even the most seasoned security professionals can easily fail to identify these type of vulnerabilities.
These complex vulnerabilities can only be identified with the aid of Netsparker Hawk, a vulnerability testing infrastructure that is used by the Netsparker web application security scanner a web application security scan. Refer to How Netsparker Hawk finds SSRF and Out-of-Band vulnerabilities for more information on Netsparker Hawk and how it works.