Before Using Netsparker

First of all, a fair warning:
Using a tool such as "Netsparker" against a website that you don’t have permission to test is against the law and, as you can imagine, Mavituna Security Limited is not responsible for such an action or for any damage done to the targeted website.

Second warning:
Netsparker is a web application security scanner that detects vulnerabilities in web applications by attacking them. That means it is going to submit every form on the website, including comments, e-mail contact forms, delete buttons, modify buttons and so on. It is going to click everything it can find, and that means pretty much everything on the website.

During the crawling and attacking phases, depending on the configured speed, Netsparker sends many requests to the target website; on some applications this can cause a DoS (Denial of Service). You can lower the "Scan Speed" before starting a new scan to avoid this.

To prevent Netsparker from testing certain pages (for example logout links or delete buttons), you can use an "Exclusion Regex", as seen in the screenshot below.

Regex exclusion
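An illustration of how such a scope exclusion works, as an added example that is not Netsparker's own code: the exclusion patterns and the crawl results below are constructed for this example, and it assumes each pattern is a Python regular expression searched against the full URL, which is an assumption rather than a statement about how Netsparker matches its own exclusion regex.

```python
import re

# Constructed exclusion patterns (assumed syntax: Python regular expressions,
# applied with re.search to the full URL). Each one covers a state-changing or
# side-effecting page that a scanner would otherwise submit or click.
EXCLUSION_PATTERNS = [
    r"/logout\b",                    # would end the authenticated session mid-scan
    r"/(delete|remove)\b",           # destructive actions
    r"/contact\b",                   # e-mail contact forms
    r"[?&]action=(delete|edit)\b",   # query-string driven mutations
]


def compile_exclusions(patterns):
    """Compile the patterns once; matching is case-insensitive so /Contact is caught too."""
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def is_excluded(url, compiled):
    """Return the first pattern that matches the URL, or None if the URL stays in scope."""
    for rx in compiled:
        if rx.search(url):
            return rx.pattern
    return None


def partition_scope(urls, patterns=EXCLUSION_PATTERNS):
    """Split crawled URLs into (in_scope, excluded); excluded maps url -> matching pattern."""
    compiled = compile_exclusions(patterns)
    in_scope, excluded = [], {}
    for url in urls:
        hit = is_excluded(url, compiled)
        if hit is None:
            in_scope.append(url)
        else:
            excluded[url] = hit
    return in_scope, excluded


# Constructed sample crawl results for a hypothetical site.
CRAWLED_URLS = [
    "http://example.test/products?id=3",
    "http://example.test/account/logout",
    "http://example.test/admin/posts/delete?id=7",
    "http://example.test/Contact",
    "http://example.test/blog?action=edit&id=12",
    "http://example.test/blog/comments?id=12",
]

if __name__ == "__main__":
    keep, skip = partition_scope(CRAWLED_URLS)
    print("in scope:", keep)
    print("excluded:", skip)
```

Reviewing the excluded list before the scan starts is the check worth doing: a pattern that is too broad silently removes pages from coverage, while one that is too narrow leaves a destructive button in scope.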

Please consider this before running it against a production website. It is always recommended to use it in pre-production environments to avoid nasty surprises, but with the correct configuration and a close watch on the scan you will be fine on a production website as well.

documentation - Wed, 14 Oct 2009, by Ferruh Mavituna