Netsparker Security Scanner is a web application security scanner that automatically identifies XSS (cross-site scripting), SQL Injection and various other vulnerabilities and security flaws in websites, web applications and web services. PoCs (proof of concepts) are produced to ensure they are not false positives, eliminating the need for users to double check vulnerabilities. Netsparker finds and reports on every type of web application, regardless of the platform or technology they were built with.
Netsparker Cloud offers built-in enterprise workflow tools that allow users to scan from 500 to 1000 web applications at once. Users can configure every detail of the security scan including attack options, scan policies, HTTP options, authentication options, URL rewrite rules, and more. The solution's web service based REST API allows users to remotely trigger web vulnerability scans anywhere, and anytime. Organizations can also integrate automated security scans in their development environment, and launch vulnerability scans throughout all stages of the software development lifecycle.
Netsparker Cloud enables administrators to add multiple team members as users and assign specific access privileges, allowing them to collaborate and share their findings with the entire team. The dashboard allows users to keep track of the security of each web application at a glance, with correlated trending reports to help users monitor the productivity and quality of work done by developers.
Pros
I like Netsparker because is very easy to use, but at the same time has a lot of options that allow an expert user to customize the level of scanning. Also make authenticated scan is very easy (several options are available). Report templates are different and cover all your needs.
Cons
When do concurrent scans it consumes a lot of resources.
Thank you for your review of Netsparker, this is much appreciated. We are glad to hear the software satisfies your and your clients' needs.
We are required to run weekly vulnerability scans on many of our production websites and we try to use Netsparker to do these scans. We can schedule when the scans will run and they usually do run. The problem is, if the scan has a problem it must be canceled, otherwise it will never finish and no report will ever be generated.
Pros
Netsparker comes with an automation API so it is possible to include it as part of a Continuous Integration / Continuous Deployment (CI/CD) system. It usually works but not always.
Cons
There is almost no documentation about how to use the product. You are expected to open a support ticket and ask how to do some of simplest things and it usually take a day to get a response back from support. Often the response is, "We don't support that", or "We don't have a sample that does that". I one time asked for .Net Framework sample code to pull a report from Netsparker and the answer I got was "Go toe the GUI and select these buttons. The report will download." The problem was I needed to download the reports problematically. Other times I asked for .Net samples and was given Python code. They are the same, correct?
Hello,
Thank you for your feedback.
I am sorry to hear you have encountered such issues. Rest assured that this is not the norm, hence why I am personally reaching out to you.
We do have extensive product documentation (https://www.netsparker.com/support/) and we pride ourselves on giving excellent product support, as can be seen by the many testimonials and case studies we have published.
However sometimes things can go wrong. So can you please send me an email on [email protected] so I can personally look into this matter and iron out any issues there are, so you can benefit from our product.
Looking forward to hearing from you.
Mehmet ATA
Technical Support Manager
Stands out in the space as being one of the easier to use tools.
While OWASP ZAP is an excellent tool NetSparker takes the same principles to the next level and bundles it into an easy to use and highly valuable application security scanner SaaS!
Pros
UI is top-notch and easy to grok. It's highly efficient and customizable tool provide in depth reporting when you need it most. Support team is A+! Being able to generate multiple types of reports based on customer needs is quite useful.
Cons
Docs were a bit outdated or not easy to follow when we initially started using the product. Support has steadily been improving them and they look great now.
Thank you for your positive feedback. We are glad that Support documentation is improving.
My years of experience with Netsparker have been nothing but positive and I truly enjoy using this tool to assess our web applications.
Pros
The software is very easy to use yet has extreme amount of customization for scanning any web application.
Cons
Without an intimate knowledge of the capability of the tool, you may miss out on truly reaping its benefits in deep scanning of web applications.
My overall experience has been positive. I would recommend the software to others and we will continue to use it. Just be ready to play some games with licenses if using the cloud version.
Pros
Netsparker is easy to use, easy to configure, and you can be up and running your first scan in a matter of minutes. The scan results offer details on how to remediate the findings as well as what they did to find and validate the finding.
Cons
One main issues. I would like to be able to change a domain. If I have a license for two domains, I should be able to rotate them. If server1.com goes EoL and server2.com has taken its place, I have to buy another subscription. Not cool.
Thank you for your feedback! We are glad that Netsparker is working out for you. Should you need to change a domain, you may do so upon renewal by contacting Support.
Netsparker Cloud
3 websites: $1,450 per year
10 websites: $4,500 per year
20+ websites: contact Netsparker
Netsparker Cloud on-premises and Netsparker Desktop versions are also available. Contact Netsparker for pricing information.
Below are some frequently asked questions for Netsparker Security Scanner.
Netsparker Security Scanner offers the following pricing plans:
Starting from: US$1 450,00/year
Pricing model: Subscription
Free Trial: Available
Netsparker Cloud
3 websites: $1,450 per year
10 websites: $4,500 per year
20+ websites: contact Netsparker
Netsparker Cloud on-premises and Netsparker Desktop versions are also available. Contact Netsparker for pricing information.
Netsparker Security Scanner offers the following features:
Netsparker Security Scanner has the following typical customers:
Large Enterprises
Netsparker Security Scanner supports the following languages:
English
Netsparker Security Scanner has the following pricing plans:
Subscription
We do not have any information about what devices Netsparker Security Scanner supports
Netsparker Security Scanner integrates with the following applications:
Centraleyezer, GitHub
Netsparker Security Scanner offers the following support options:
Online Support, Phone Support
I use Netsparker as a Consultant for my clients. I'm very satisfied about the product and how this software help our client to check the security level of the web applications. We also help our clients to build a remediation plan (through the report of Netsparker is very easy and quick perform that task) and through Netsparker checks that all the remediations implemented are in place