Netsparker
Netsparker is a tool for scanning web sites for security vulnerabilities.
- Scans websites for vulnerabilities and provides detailed information about detected vulnerabilities.
- Netsparker identifies the vulnerabilities and verifies the magnitude of the vulnerability by exploiting it and documenting the exploit.
- Tests websites as well as web services for vulnerabilities.
- Web services are often used for system integrations, and may not be considered as candidates for vulnerability testing.
- Integrated reporting tools provide you with the tools you need to identify vulnerabilities and provide the information in a usable format to the people responsible for correcting them.
- Provides detailed information about the vulnerabilities in your websites and proof of exploits. This improves your ability to identify, prioritize and fix the vulnerabilities.
- Netsparker can be set to automatically scan hundreds of sites. You no longer have to scan each site individually and spend your time writing reports.
- Includes AJAX and Javascript support, improving your ability to detect client-side vulnerabilities.
- A free demo is available for testing in your own environment.
- Netsparker provides a detailed list of vulnerabilities, and may provide an attacker with all the information they need to exploit identified vulnerabilities.
- Netsparker Desktop has two different pricing levels, and the basic level is limited to three websites.
Netsparker enables you to scan websites for vulnerabilities. It determines the type of vulnerability and potential exploitation mechanisms. However, Netsparker doesn't just report on potential vulnerabilities. It actually verifies the exploit by running a read-only exploit against the vulnerability and documents the results. This saves you from having to go through and verify each identified vulnerability independently. When an exploit is identified, you can be certain it exists, it is exploitable, and you have the proof already in hand. Netsparker can scan any type of website. The built-in URL rewrite engine can dynamically self-tune to work with the site being scanned. It can scan password-protected sites with supplied credentials without having to create a special login macro or program. The vulnerability scanning engine has functionality built in to avoid reporting custom 404 pages as vulnerabilities. The Netsparker vulnerability testing engine provides information about the exploits at an actionable level of detail. That is, the information provided gives you exceptional insight into the mechanism behind the vulnerability. Netsparker comes with many standard reporting forms included. You can pick the appropriate template and output the results of the scan directly into the template. If necessary, you can also design your own reporting template if none of the existing templates meet your needs.
Alternatives to Netsparker
Nessus
Fiddler
Lookout
Cloudbric
Intruder
