Integrate Netsparker with Other Security Tools in the SDLC

No single application can carry out a complete web application security audit, so a good web security tool needs to work well with others. Netsparker Web Application Security Scanner is designed to do that.

Importing and Exporting to Other Tools

To enable Netsparker to security test web applications that have been previously tested or crawled by other tools, and to give more flexibility to penetration testers who like to use multiple security tools in their security audits, Netsparker can import session data from several other popular third-party tools.

Netsparker is currently able to import session data from Fiddler, Paros, Burp and other popular proxies and tools. It can also import sessions from raw HTTP requests and links typically generated by proxy or custom tools.

You can also export HTTP requests and vulnerability details to cURL and sqlmap.

Interoperability with Other Security Tools

Through close collaboration with a selection of other security tool vendors, Netsparker has been designed to interoperate with their products so that it can be easily integrated into your software development lifecycle (SDLC). Tools that currently interoperate with Netsparker include:

  • Metasploit, Metasploit Express and Metasploit Pro
  • Threadfix Vulnerability Manager (watch this webinar for more information)
  • Kenna Security Vulnerability & Risk Intelligence (previously Risk I/O Vulnerability Dashboard)
  • LunarLine Vulnerability Scan Converter and Dradis Framework
  • Brinqa Cybersecurity Risk Management

Bug Tracking System Integration

Netsparker can submit identified vulnerabilities, with their technical details, as new tickets in bug tracking and code management systems such as JIRA and GitHub. This lets organizations automate more of the development process and spend the saved man hours on remediating vulnerabilities instead. A well-documented API is also available for bug tracking system integrations, allowing users to easily integrate Netsparker with their bug tracking system of choice. For more information, read Integrating Netsparker with Bug Tracking Systems to Easily Export Identified Vulnerabilities as Issues.

Launch Automated Scans with Each Build

Using the Netsparker command line interface, the Build / Continuous Integration server can automatically trigger a silent and unmanned web vulnerability scan each time a new build is available. By combining automatically triggered scans with bug tracking system integration, organizations can automate almost all of the QA process.

Generate ModSecurity Rules from Security Scan Results

In most cases, security flaws cannot be fixed within just a few minutes, especially if the web application is live. In such cases, you can export the Netsparker security scan results as ModSecurity rules to temporarily cover the identified vulnerabilities.

Download Netsparker Desktop Demo

Trying Netsparker is easy and completely free. Just click the Download Demo button to get your 15-day evaluation copy of Netsparker Desktop. No payment is required and we will not ask for your credit card details.