Review: Netsparker Enterprise web application scanner
2020-10-19 05:15

Since typical vulnerability scanners need to detect vulnerabilities in deployed software, they are not dependent on the language or technology used for the application they are scanning.

We reviewed Netsparker Enterprise, which is one of the industry's top choices for web application vulnerability scanning.

Netsparker Enterprise is primarily a cloud-based solution, which means it will focus on applications that are publicly available on the open internet, but it can also scan in-perimeter or isolated applications with the help of an agent, which is usually deployed in a pre-packaged Docker container or a Windows or Linux binary.

This also reinforces the need to use a SAST-based scanner in the application security scanning stack, to improve test coverage in addition to other, manual security review processes.

Taking into account the fact that this is an automated scanner that relies on "black boxing" a deployed application without any instrumentation of the deployed environment or source code scanning, we think it is very accurate, though it could be improved.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/jfSdH4PIFQw/