Netsparker Web Application Scanner
- Sunday, August 8, 2010, 0:54
- Articles
Netsparker is a web application security product from Mavituna Security. They recently released a community edition of their scanner, although it's pretty stripped down, so I'm not sure how useful it would be for seasoned security professionals.
They make an extraordinary claim on their site, which is the reason for this post. They claim to be "false-positive free". Actually, here is their exact wording:
Netsparker® doesn’t produce false positives, period.
Really? No false positives? In my opinion, that's a bold statement. One caveat is that they do report issues as "potential", which may be the reason for the no-false-positive claim.
They must call false positives “potential issues”.
Anyways, I’ve never used their software so I don’t know much about it, but whenever I run across a security vendor that makes such an absolute statement like that, I can’t help but laugh.
I'd love to hear from anyone who's used their paid versions. I've used plenty of the large commercial offerings (WatchFire, Cenzic, SPI) as well as some of the free/open-source offerings. How does Netsparker compare?
http://www.mavitunasecurity.com/netsparker/
It is a good tool, and I am talking about the commercial version. It does not produce all the FPs that some other products do, and it does not offer 10 variants of vulnerability for one issue. It usually sends up direct info regarding the issue, and not common info regarding an issue in a possible x, y, z, f software.
PS: The time based Blind SQL Injection is a big + for the solution.