Benefits of Netsparker

Trying Netsparker is easy and completely free. Just click the button at the right to claim your 15-day evaluation copy of Netsparker Professional. No payment is required and we will not ask for your credit card details.

Advanced Scanning

Behind its deceptively simple user interface, Netsparker hosts an advanced suite of scanning technologies that can probe deep into your web application, identifying security flaws that other products merely leave to chance.

AJAX/JavaScript Support

As part of its response parsing mechanism, Netsparker incorporates a JavaScript engine that can parse, execute and analyze the output of JavaScript and VBScript.

This allows Netsparker to successfully crawl and interpret web applications that rely on client-side scripting, including custom code execution, AJAX operations or page content that is dynamically created using well-known frameworks such as jQuery.

Authentication

Nearly every serious web application uses authentication, so it is essential that security scanning is able to access pages that require authentication. Netsparker addresses this need by including an authentication module that allows web application authentication credentials to be configured as part of the scan profile.

Netsparker supports the following authentication methods:

  • Basic Authentication
  • Form Authentication
  • NTLM Authentication
  • Digest Authentication
  • Kerberos Authentication

Anti-CSRF Token Support

Many web applications incorporate protection mechanisms to guard against CSRF (Cross-site Request Forgery). However, most other web application security scanners are unable to successfully scan pages that use these mechanisms, rendering them ineffective at auditing the security of such sites.

Netsparker addresses this challenge by getting a new Anti-CSRF token before carrying out requests, enabling it to offer the only complete security scanning solution for this scenario.

Auto Custom 404 Detection

Unlike some other scanners, which report custom 404 pages as vulnerabilities, Netsparker is able to detect them and thus suppress reporting vulnerabilities for them.

Heuristic URL Rewrite Detection

Netsparker can heuristically detect commonly-used URL Rewrite patterns to avoid repeatedly scanning the same resources. Netsparker’s library of supported URL Rewrite patterns is subject to regular and ongoing development.