Netsparker

Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.

Visit NetSparker web site at www.netsparker.com


Pricing   Contact us for Quote
SoftwareAsia SKU   EORERO-YU
Publisher's SKU   EORERO-YU12

Details

False-Positive Free

Netsparker doesn’t produce false positives, period.

All current web application security scanners report false-positives. That is, they report vulnerabilities that do not exist.

Netsparker is different; it will perform multiple tests to confirm any identified issues. If Netsparker can’t confirm them, the issue will require manual inspection and verification – therefore Netsparker will inform you about a potential issue - generally prefixed as [Possible].

This means that if Netsparker makes a positive confirmation, you can be sure that a real vulnerability has been found.

Netsparker confirms vulnerabilities by exploiting them in a safe manner. If a vulnerability is successfully exploited, it can’t be a false-positive. Exploitation is carried out in a non-destructive way.

JavaScript / AJAX / Web 2.0 Support

Netsparker has a JavaScript engine which can parse, execute and analyse the output of JavaScript and VBScript used in web applications.

This allows Netsparker to successfully crawl and understand websites that use different AJAX frameworks, custom code or well-known frameworks such as jQuery.

SOAP Web Service Scanning Support

Netsparker parses WSDL (Web Services Definition Language) documents and creates SOAP (Simple Object Access Protocol) requests for each operation defined in the WSDL document. This allows Netsparker to attack web services successfully. You can scan a single web service either by entering its WSDL address or by importing the WSDL file from disk. If you start a regular web site scan and Netsparker discovers WSDL documents on that site, Netsparker will automatically scan those web services too.

Detailed Issue Reporting

Netsparker reports vulnerabilities with the maximum available details to make the issue, and the impact, clear to the user.

For example, instead of simply reporting XSS (Cross-site Scripting), Netsparker will report one of the following issues:

• Reflective Cross-site Scripting
• Permanent Cross-site Scripting

Automation

Netsparker provides a CLI (Command Line Interface) to help you to automate scans and integrate Netsparker into your automated scanning, reporting or development systems.

Logging

Netsparker supports logging of all HTTP requests and responses, as well as all identified vulnerabilities and other scan-related data.

Reporting

Netsparker produces reports in several different formats:

• XML
• HTML
• PDF
• CSV

In addition, you can use Netsparker’s Reporting API to generate custom reports. The Reporting API supports C# scripting, and Netsparker ships with a selection of sample report templates which you may use as models for your own custom reports.

DRM Free Licensing

Netsparker utilizes a user-friendly licensing system which also respects users’ privacy. It’s DRM free and you don’t have to activate it every time you move your license. It also doesn’t require an internet connection to activate or work. It works instantly, without the need to log in anywhere or get permission from us.

Integrated Exploitation Engine

Netsparker delivers the detection, confirmation and exploitation of vulnerabilities in a single integrated environment.

When Netsparker identifies a vulnerability, it will let you exploit the vulnerability, if possible, so that you can see the real impact of an attack.

Currently Netsparker supports:

• Exploitation of SQL Injection vulnerabilities
• Getting a reverse shell from SQL Injection vulnerabilities
• Exploitation of LFI (Local File Inclusion) vulnerabilities
• Downloading the source code of all crawled pages via LFI (Local File Inclusion)
• Downloading known OS files via LFI (Local File Inclusion)

Netsparker Ltd. © 2009-2013, all rights reserved.

Chapter: Introduction to Netsparker

Post-Exploitation

Netsparker is the only web application security scanner with an integrated exploitation engine. This gives Netsparker an edge, and allows it to carry out post-exploitation security checks.

Initially, this is limited to checks carried out after SQL Injections; however, the number and scope of checks will be increased in future releases of Netsparker.

When Netsparker identifies an SQL Injection, it will check to determine if the database user has admin privileges. If the user has administrator privileges, Netsparker will report a new issue called "Database User Has Admin Privileges".

Authentication

Netsparker supports several authentication methods:

• Basic Authentication
• Form Authentication
  The user can configure form authentication for different websites.
• NTLM Authentication
• Digest Authentication

This allows you to test an application which requires any one of the listed authentication methods.

Knowledge Base

Netsparker reports informational items which can help the user to see the overall design of the application, such as:

• List of File Extensions
• List of E-mail Addresses
• List of Cookies
• List of Interesting Headers
• List of Pages With Inputs
• List of MIME Types
• List of JavaScript Files
• List of External Hosts
• List of External Scripts

Bug Tracking Integration

Netsparker can be integrated with external bug tracking systems and you can send the vulnerabilities to those systems using the Send To feature. Out of the box, Netsparker has support for FogBugz and JIRA integration, but it can be extended using the API.


FOR WEB APP DEVELOPERS

Since application security is just part of your remit, you need tools that get the job done without the extended learning curve. Netsparker does just that, with an intuitive user interface and a quick-start scanning procedure that will have you testing your app in seconds.

Netsparker offers full support for AJAX and JavaScript-based applications, so you can rely on comprehensive security scanning, regardless of your choice of technology.

FOR PENETRATION TESTERS

With its unique False-Positive Free guarantee, Netsparker is the only web application security scanner that uses a built-in exploitation engine to positively confirm vulnerabilities, leaving you free to spend your time eliminating threats, not proving them.

Netsparker’s Post Exploitation feature takes automated exploitation to the next level, revealing additional insight into your security infrastructure that no other automated testing product can match.

CONVINCE YOUR BOSS

The primary goal of a web application security scanner is to eliminate the repetitive drudgery of security testing, leaving testers free to use their skills in areas where they’ll make a real difference.

Netsparker boasts an arsenal of automated security testing weapons that get straight to the point, providing testers with the precise information they need to do their job quickly and effectively.

Name:    Netsparker
Website:    https://www.netsparker.com
About:   

SoftwareAsia is a Netsparker Reseller and Value based in Asia with operations in Hong Kong, Singapore, Malaysia, Philippines, India, Thailand and Indonesia. We offer first-line support, training, and customisation services.


Netsparker is the publisher of the false positive free Netsparker Web Application Security Scanner. Netsparker Web Application Security Scanner is an industry leading automated web vulnerability scanner that automates most of the web application security scanning. 
