Review by Jason Haddix

Today we showcase a new web application scanner called Netsparker, and believe us when we say we put this app through the ringer.

There's a big distinction between testing a tool against dummy apps in a lab and using it first hand against a large environment. Luckily for us we got to do both.

Over the course of a month we ran several engagements and specifically watched Netsparker’s performance compared to other tools we normally use in the assessment process (w3af, Grendel Scan, Nikto, Wikto, Websecurify, Paros, Burp, etc). We have to say, we are very impressed. Netsparker not only caught vulnerabilities that other scanners missed but also had excellent remediation and a documentation section for most of its findings.

For injection it does a full-scale attack, testing every parameter it can spider (which it also does very well), and, although this lengthens the testing time, it also awarded us with some valuable injection findings. Netsparker is developed by Mavituna Security, and more specifically our guest, Ferruh Mavituna.