Friday, July 24, 2015

Netsparker Web Vulnerability Scanner

I was recently investigating Web Vulnerability Scanners and I came across Netsparker: https://www.netsparker.com/web-vulnerability-scanner/

I downloaded the demo and requested a fully functional trial version as well.

Overall, this is an excellent easy-to-use security scanning tool, and the demo version provides very useful information about the types of vulnerabilities that can be found in an ASP.NET Web Application.

Unfortunately, the demo site that they use (http://aspnet.testsparker.com) is an ASP.NET Web Forms Web Application and therefore will exhibit a different set of security vulnerabilities than the newer ASP.NET MVC Framework which many companies are using.

The lack of an ASP.NET MVC Demo Site significantly detracts from the usefulness of the demo for anyone evaluating this software for themselves (especially for modern ASP.NET development teams).

However, the friendly sales and support staff definitely makes up for this shortcoming to provide an excellent overall web security vulnerability scanner.

The Standard edition allows for 3 Websites (3 unique FQDNs) while the Professional edition allows for an unlimited number of websites (unlimited FQDNs).

The Standard edition will suit most organizations that have an autodeploy server and are not using host headers or subdomains to access their different Web Applications. Because websites are counted per unique FQDN, http://myserver.mycompany.com/App1, http://myserver.mycompany.com/App2 and http://myserver.mycompany.com/App3 all still qualify as a single website, whereas http://myapp1.mycompany.com and http://myapp2.mycompany.com would qualify as 2 separate websites.

If you are looking to incorporate Web Vulnerability testing into your development process, you should definitely take a look at Netsparker!!
