Netsparker Web Application Security Scanner Review

I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications


What is our primary use case?

The primary use case of this solution is to Check the major vulnerabilities of the product such as SQL injection, XSS Exploitation, Broken Authentication,  Upload File Inclusion, CSRF, etc.

How has it helped my organization?

When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.

With this wonderful tool, we can easily point out the outstanding reports of "Important", "Medium", "Low", and "Information" cases of vulnerabilities. Apart from that, it also visualizes what's wrong with the server, such as an outdated version, authorization, version disclosure, etc.

What is most valuable?

I like the way it provides the comprehensive result explaining the vulnerabilities which have been found along with how we can exploit those vulnerabilities with an example.

What needs improvement?

When scanning a large web-based application, it tends to process slow and takes a long time especially on crawling and attacking part. Would be better if that part would not take much time.

Apart from that, it would be better for listing and attacking Java-based web applications to exploit vulnerabilities.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Till now, no.

What do I think about the scalability of the solution?

Yes, sometimes it hangs up when running large web-based applications.

How are customer service and technical support?

9 out of 10.

Which solution did I use previously and why did I switch?

Yes, I have used Acunetix, and the reason I switched to Netsparker would be:

The performance I found on Acunetix was very slow. It would take like a day if I had to scan our web based application product. That is not reliable when you are working with those clients who want a quick response.

How was the initial setup?

I found it's straightforward and anyone can setup this solution. However naive or rookie, you may have obstacles setting up with LDAP login or Browser Authentication.

What's my experience with pricing, setup cost, and licensing?

I would definitely recommend to those who really want to know in-depth details of their applications/products regarding the security of their web system.

Which other solutions did I evaluate?

No, I haven't.

What other advice do I have?

Like I wrote earlier, I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest