Benefits of Netsparker

Trying Netsparker is easy and completely free. Just click the button at the right to claim your 15-day evaluation copy of Netsparker Professional. No payment is required and we will not ask for your credit card details.


Productivity

If you’re considering Netsparker for use in a formal pen-testing environment, chances are you need it to support automation, collaboration and integration with your other security tools. Don’t worry - Netsparker handles these requirements with ease.

Automation

Netsparker offers a rich CLI (Command Line Interface), enabling you to automate scanning and to integrate Netsparker into your automated scanning, reporting or development systems.

Scheduled Scanning

For evolving web applications that require regular and repeated security testing, Netsparker allows scans to be scheduled for automatic (unattended) execution.

The scheduling mechanism is flexible enough to support individual (one-time) scheduled execution, as well as daily, weekly or monthly recurrence, including automatic generation of scan reports with template-based unique naming.

Save/Load/Resume Scan Sessions

Scanning a large web application can be time-consuming and there may be occasions when you need to interrupt scanning and resume it later.

Netsparker accommodates this by allowing any scan session, including incomplete sessions, to be saved to a local disk file. The file may be subsequently re-loaded and, in the case of an incomplete session, it may be resumed.

A loaded scan session is, in every respect, equivalent to a session generated directly by scanning, allowing reporting, interrogation of its data and all forms of follow-up action, such as integrated exploitation and vulnerability re-testing.

Importing From Other Tools

To enable Netsparker to security test web applications that have been previously tested or crawled by other tools, it supports the import of their session data.

Netsparker is currently able to import session data from Fiddler, Paros, Burp and many other tools. It can also import raw HTTP requests and links produced by any proxy or custom tool.

Inter-operability with Other Security Tools

Through close collaboration with a selection of other security tool vendors, Netsparker has been designed to inter-operate with their products.

Tools that currently inter-operate with Netsparker include: Metasploit, Metasploit Express, Metasploit Pro, Honey Apps, Vulnerability Manager, Dradis Framework.

Performance-Optimized Scanning

Security scanning a large and complex web application can be very time consuming – sometimes running to days or even weeks.

Netsparker includes a number of built-in features that are designed to optimize this process, often resulting in dramatic reductions in overall scanning time:

Multi-Threading

Since Netsparker’s throughput is directly affected by network latency, it makes sense to execute multiple network requests in parallel. The thread count is user-configurable, enabling performance to be balanced against resource consumption.

Parallel Scanning

Extending the concept of multi-threading, Netsparker is currently being upgraded to support parallel scanning, whereby the attack phase launches even before the prerequisite crawling phase is complete.

Configurable Coverage

When testing for a specific group of vulnerabilities, Netsparker may be configured to omit all other tests, thus streamlining the attack phase.

Configurable Scope

User-Selectable Parsing Engines

One of the most time-intensive aspects of security scanning is parsing HTTP responses. Netsparker incorporates a simple text parser as well as a script parser; the latter is essential for web applications that use any form of client-side scripting. For simple web applications that do not use client-side scripting, the script parser may be disabled for improved performance.

Intelligent Test Bypass

When, during the crawling phase, an application discloses certain facts about its infrastructure, Netsparker interprets this disclosure and uses it to disable the subsequent execution of attacks that are no longer relevant.