Navigation



Netsparker Community Edition – Web Application Security Scanner

Last updated: September 9, 2015 | 10,293 views

Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false positive free web application security scanner.

When Netsparker identifies an SQL Injection, it can identify how to exploit it automatically and extract the version information from the application. When the version is successfully extracted Netsparker will report the issue as confirmed so that you can make sure that the issue is not a false-positive.

Same applies to other vulnerabilities such as XSS (Cross-site Scripting) where Netsparker loads the injection in an actual browser and observes the execution of JavaScript to confirm that the injection will actually get executed in the browser.

Thanks to its comprehensive and powerful JavaScript engine it’s possible to simulate a real attacker successfully. This means it can successfully analyse websites that rely on AJAX and JavaScript.

You don’t need to be a security expert, get training or read a long manual to start. Since the user interface is easy to use and can confirm and show you the impact, you can just fire it up and start using it.

Netsparker - Community Edition

You can download Netsparker – Community Edition here:

NetSparkerCommunityEditionSetup.exe

Or read more here.

Share3
Tweet
Share
Buffer
WhatsApp
Email
3 Shares
Posted in: Countermeasures, Database Hacking, Security Software, Web Hacking

, , , , , , , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
March 31, 2020 - 110 Shares
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
March 29, 2020 - 206 Shares
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
March 24, 2020 - 114 Shares
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
February 27, 2020 - 572 Shares
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
February 19, 2020 - 258 Shares
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
February 14, 2020 - 307 Shares


4 Responses to Netsparker Community Edition – Web Application Security Scanner

  1. Maximilian Corrientes April 19, 2010 at 11:36 pm #

    We’ve tested several scanners which claim to be “false positive” free.

    It would be great if someone could make an independent test of our result.

    http://labs.german-websecurity.com/en/blog/?p=12

    We made a testpage with a rewrite condition and we were stunned about the bad handling of false positives by the web security scanners.

  2. Ferruh Mavituna April 20, 2010 at 11:28 am #

    Maximilian,

    Thanks for pointing out this problem. Netsparker already has a URL Rewrite detection engine and it works on file extensions as well. However this particular case happens due to a bug.

    We fixed this problem in 1.3.7.32, will release it soon.

    Cheers,

  3. TheLightCosine April 23, 2010 at 6:12 pm #

    I was actually rather pleased with what I saw in the Community Edition. I’d love to see the Enterprise Edition at work to form a complete opinion, but I have written a little review over at my blog:

    http://cosine-security.blogspot.com/2010/04/netsparker-community-edition-review.html

    • Darknet April 23, 2010 at 7:18 pm #

      I’ll see if I can work something out regarding the Enterprise edition, Ferruh has been a long time reader here too :)