Most Helpful Review
A mature and evolving solution that has become the pinnacle point for anything that enters the network
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface.
Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner.
When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.
The scanner is light on the network and does not impact the network when scans are running.
Scan, proxify the application, and then detailed report along with evidence and remediations to problems.
The scanner and the result generator are valuable features for us.
Its ability to crawl a web application is quite different than another similar scanner.
It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed.
The custom attack preparation screen might be improved.
It would be better for listing and attacking Java-based web applications to exploit vulnerabilities.
The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker.
I think that it freezes without any specific reason at times. This needs to be looked into.
The support's response time could be faster since we are in different time zones.
Maybe the ability to make a good reporting format is needed.
The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.
Pricing and Cost Advice
We never had any issues with the licensing; the price was within our assigned limits.
OWASP Zap is free and it has live updates, so that's a big plus.
It is competitive in the security market.
Information Not Available
out of 40 in Application Security
Average Words per Review
out of 32 in Vulnerability Management
Average Words per Review
Compared 21% of the time.
Compared 20% of the time.
Compared 16% of the time.
Compared 39% of the time.
Compared 19% of the time.
Compared 13% of the time.
Also Known As
Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.
Tripwire IP360 delivers risk-based vulnerability assessment and asset discovery capabilities. With IP360, you get:
Learn more about Netsparker Web Application Security Scanner
Learn more about Tripwire IP360
|Samsung, The Walt Disney Company, T-Systems, ING Bank||State of Iowa, State of Minnesota, U.S. Cellular|
See also Netsparker Web Application Security Scanner Reviews, Tripwire IP360 Reviews, and our list of Best Application Security Companies.