Netsparker by Invicti Overview

Netsparker by Invicti is the #15 ranked solution in AST tools and the #18 ranked solution in application security tools. IT Central Station users give Netsparker by Invicti an average rating of 8 out of 10. Netsparker by Invicti is most commonly compared to OWASP Zap: Netsparker by Invicti vs OWASP Zap. The top industry researching this solution is computer software companies, accounting for 33% of all views.
What is Netsparker by Invicti?

Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

Netsparker by Invicti was previously known as Mavituna Netsparker.
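How a proof-based check differs from a signature grep, as an added example written for this page (not Netsparker's own engine, which is not public): a constructed in-memory SQLite app with a deliberately injectable query, a constructed decoy whose help text merely contains the words a signature scanner looks for, a heuristic detector, and a two-step confirmation (boolean differential, then extracting the database version as the proof). All function and table names are assumptions for the demo.

```python
import sqlite3
from typing import Callable, Dict, Optional

App = Callable[[str], str]  # takes the raw value of an "id" parameter, returns the response body


def make_vulnerable_app() -> App:
    """Constructed target: concatenates user input into SQL (intentionally injectable)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])

    def handler(user_id: str) -> str:
        try:
            rows = conn.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchall()
        except sqlite3.Error as exc:
            return f"Database error: {exc}"
        return "\n".join(r[0] for r in rows) or "no results"

    return handler


def make_decoy_app() -> App:
    """Constructed decoy: parameterised (not injectable), but its help text contains
    the string a signature-based scanner greps for, so it produces a false positive."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")

    def handler(user_id: str) -> str:
        try:
            rows = conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()
        except ValueError:
            rows = []
        names = "\n".join(r[0] for r in rows) or "no results"
        return f"{names}\nTip: a 'syntax error' in the id field means it must be numeric."

    return handler


ERROR_SIGNATURES = ("syntax error", "unrecognized token", "you have an error in your sql", "database error")


def heuristic_flags_sqli(app: App, base: str = "1") -> bool:
    """Signature-based detection: inject a stray quote and grep the body for DB error strings."""
    body = app(f"{base}'").lower()
    return any(sig in body for sig in ERROR_SIGNATURES)


def confirm_boolean_sqli(app: App, base: str = "1") -> bool:
    """Proof step 1: a true predicate must leave the page unchanged, a false one must alter it.
    A decoy that merely echoes error text cannot satisfy both halves."""
    baseline = app(base)
    return app(f"{base} AND 1=1") == baseline and app(f"{base} AND 1=2") != baseline


def db_version() -> str:
    return sqlite3.sqlite_version


def extract_proof(app: App, base: str = "1") -> Optional[str]:
    """Proof step 2: pull a value only the database could know (its version string)."""
    body = app(f"{base} UNION SELECT sqlite_version()")
    return body if db_version() in body else None


def scan(app: App) -> Dict[str, object]:
    """Report the heuristic verdict, whether it was confirmed, and the proof if any."""
    flagged = heuristic_flags_sqli(app)
    confirmed = flagged and confirm_boolean_sqli(app)
    proof = extract_proof(app) if confirmed else None
    return {"heuristic": flagged, "confirmed": bool(confirmed), "proof": proof}


if __name__ == "__main__":
    for label, app in (("vulnerable", make_vulnerable_app()), ("decoy", make_decoy_app())):
        print(label, scan(app))
```

Run it directly to see the decoy flagged by the heuristic but rejected by the confirmation step, while the vulnerable app yields the database version as evidence. Real targets are noisier than this: the boolean comparison has to strip dynamic page content (timestamps, CSRF tokens) before comparing responses, and the extraction payload has to match the target's DBMS, which is why even a confirmed finding deserves a glance before it goes into a report.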

Netsparker by Invicti Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Archived Netsparker by Invicti Reviews (more than two years old)

MM
Senior Quality Control Manager at an insurance company with 51-200 employees
Real User
Great reporting review tool and very stable with an easy initial setup

Pros and Cons

  • "The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
  • "The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

What is our primary use case?

We primarily used the solution as a proof of concept for assessing the security of one of our web applications.

What is most valuable?

The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.

What needs improvement?

The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them.

For how long have I used the solution?

I've been using the solution for about two months.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

As I was only working on the demo version of the solution, I can't speak to how scalable it would be.

How are customer service and technical support?

The technical support team was very helpful. They offered me a demo before I started using the tool, and the demo was very impressive.

Which solution did I use previously and why did I switch?

We previously used a different tool, but it was also a demo, like Netsparker. We wanted to try Netsparker, so we moved to their demo.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

I handled the implementation myself.

Which other solutions did I evaluate?

I tried some different tools. Some of them were full versions whereas others were demo versions like Netsparker.

What other advice do I have?

We're using a demo of the latest version for a POC. We used the on-premises deployment model.

I'd recommend Netsparker for anyone who wants to make a security assessment for web applications.

I'd rate the solution nine out of ten. The tool is full of useful features. However, the intercepting reviews in terms of web requests need some enhancements to be more usable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PD
Founding Partner at da ros e associati srl
Real User
Has a low number of false positives but the program should be more affordable

Pros and Cons

  • "One of the features I like about this program is the low number of false positives and the support it offers."
  • "Netsparker doesn't provide the source code of the static application security testing."

What is our primary use case?

Our primary use case for this solution is to assess the security of our web application.

What is most valuable?

One of the features I like about this program is the low number of false positives and the support it offers. 

What needs improvement?

The program uses technology that is different from application scanners. It's not an incremental solution. It could be a new product, but I'm not that knowledgeable to know which products are part of a suite. Netsparker doesn't provide the source code of the static application security testing. I would love to see a completion of the offering with statistical analysis. 

Every customer has its own nuance, so I don't think it's really an issue when it comes to the user interface. Every customer has something that they would like different because they're used to something different. In my opinion, there is not very much to mention besides changing as little as possible. Something that Microsoft often does, is to change things with every release and users don't like that. 

I would also like to see the price at least 20% cheaper, because the market is currently very crowded and there are many vendors and clients. A lower price will get more sales.

For how long have I used the solution?

I have been using Netsparker for almost ten years now.

What do I think about the stability of the solution?

The solution is quite stable.

What do I think about the scalability of the solution?

When it comes to scalability, we tend to do one test at a time. It could be faster but there is always a trade-off between speed and accuracy. Accuracy is more important than speed.

How are customer service and technical support?

I rate the technical support seven out of ten, which is average to me. I don't have special requests that would stress a support team and so far my issues were resolved in a reasonable time. Should I have an emergency, I believe they will be very responsive.

How was the initial setup?

The initial setup is quite straightforward.

What other advice do I have?

There are many average products on the market, but I prefer Netsparker because, to me, wasting time on false positives is the worst thing that can happen. Accuracy is the most important thing to me. I rate Netsparker eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Security Specialist at Alfa-A IT
Real User
Powerful Crawler generates close to a full sitemap, including web services

Pros and Cons

  • "It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
  • "The scanner itself should be improved because it is a little bit slow."

What is our primary use case?

I use this solution for automated web application testing, and for a first look at a web app. I work alone in my company, so a helping hand is always useful. Netsparker did the job.

I use it principally for mapping the web application attack surface using its really good crawler.

How has it helped my organization?

Netsparker has done an awesome job with its crawler, as it has found all of the links (also thanks to its good DOM parser).

It has helped me a great deal on a first try over websites.

Netsparker made my work a lot easier in mapping web applications.

What is most valuable?

The most valuable feature is the crawler, because it can find many links and generate close to a full sitemap.

It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites.

It also parses web services like SOAP, REST API, WSDL, and more.

Another thing I really like about Netsparker is the payload list, which covers every type of vulnerability.

Netsparker Hawk is another good "tool", as it helped me locate some easy-to-find SSRF and XXE vulnerabilities in production websites. Its technology is really good and works well. OOB (Out Of Band) payloads work well.

What needs improvement?

The scanner itself should be improved because it is a little bit slow.

CPU usage should be improved due to my PC's fan going mad.

RAM usage also should be improved as well.

The attacker part of the scanner should be more fluid and faster.

There should be some option to tune up the scan, like throttling requests or using some WAF/IDS/IPS bypass technique. It needs more than what is currently in the Advanced Options.

The passive analyzer for some vulnerabilities should be improved, as it doesn't get all vulnerabilities. It should also be more efficient.

The scanner should also use some cool techniques to inject payloads, like replacing the entire body and Content-Type header (like for XML input).

For how long have I used the solution?

Several months.

How are customer service and technical support?

The customer service is good.

There are some problems with languages (like for Italian they send you people who can speak Italian just a bit, but it's ok).

Which solution did I use previously and why did I switch?

I have used Burp Suite Professional and Acunetix.

I switched to Netsparker just to try it and understand how it works.

How was the initial setup?

The setup is really easy and straightforward.

What about the implementation team?

For the trial, Netsparker itself contacted me by phone. Their support is really nice and helpful.

What's my experience with pricing, setup cost, and licensing?

I think that the price is too high, like other security applications such as Acunetix, WebInspect, and so on.

Which other solutions did I evaluate?

I did not evaluate other options.

What other advice do I have?

You can use Netsparker but use it carefully as some payloads can be dangerous in production. This is the same as Acunetix, WebInspect, and others.

Every scanner should have an option like Burp Suite to use harmless payloads (with the Distribute Damage extension).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nur Yesilyurt
Attack Developer at a tech vendor
Real User
APIs enabled me to automate scans for a large number of web applications

Pros and Cons

  • "Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
  • "Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
  • "The custom attack preparation screen might be improved."

What is our primary use case?

I used Netsparker in my company to apply continuous penetration testing. The company has 1000-plus web applications.

How has it helped my organization?

Because the company has many web applications, we had to automate scans. I wrote a batch script with the Netsparker API. This made my job easier.

What is most valuable?

Netsparker offers some pretty features:

  • Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface.
  • Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner.
  • A very useful API for automating the scans.

What needs improvement?

Perhaps the custom attack preparation screen might be improved. Also, they can implement mobile penetration testing support for manual and automated tests.

For how long have I used the solution?

Three to five years.

What do I think about the scalability of the solution?

The new version of Netsparker is better than the older versions for scalability.

What other advice do I have?

I rate it at nine out of 10 because, although I have used many web application scanners by now, Netsparker gives the fewest false positives. That's the most important property for a web application scanner. When you buy a web application scanner, you actually pay for two features: detection without false positives, and attack diversity. Other features affect the quality of a product. So, Netsparker deserves a nine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user494973
Software Quality Assurance Engineer at ITONICS GmbH
Real User
I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications

Pros and Cons

  • "When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
  • "It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

What is our primary use case?

The primary use case of this solution is to check the major vulnerabilities of the product, such as SQL injection, XSS exploitation, broken authentication, upload file inclusion, CSRF, etc.

How has it helped my organization?

When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.

With this wonderful tool, we can easily point out the outstanding reports of "Important", "Medium", "Low", and "Information" cases of vulnerabilities. Apart from that, it also visualizes what's wrong with the server, such as an outdated version, authorization, version disclosure, etc.

What is most valuable?

I like the way it provides the comprehensive result explaining the vulnerabilities which have been found along with how we can exploit those vulnerabilities with an example.

What needs improvement?

When scanning a large web-based application, it tends to process slowly and takes a long time, especially in the crawling and attacking parts. It would be better if that part did not take so much time.

Apart from that, it could be better at listing and attacking Java-based web applications to exploit vulnerabilities.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Till now, no.

What do I think about the scalability of the solution?

Yes, sometimes it hangs up when running large web-based applications.

How are customer service and technical support?

9 out of 10.

Which solution did I use previously and why did I switch?

Yes, I have used Acunetix, and the reason I switched to Netsparker would be:

The performance I found on Acunetix was very slow. It would take like a day if I had to scan our web-based application product. That is not reliable when you are working with those clients who want a quick response.

How was the initial setup?

I found it straightforward, and anyone can set up this solution. However, a naive or rookie user may have obstacles setting it up with LDAP login or browser authentication.

What's my experience with pricing, setup cost, and licensing?

I would definitely recommend it to those who really want to know the in-depth details of their applications/products regarding the security of their web system.

Which other solutions did I evaluate?

No, I haven't.

What other advice do I have?

Like I wrote earlier, I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Consultant
Efficient in highlighting medium-low vulnerabilities. However, Cross-Site Scripting, SQL Injection and other higher level injection attacks are difficult to highlight.

Pros and Cons

  • "The scanner is light on the network and does not impact the network when scans are running."
  • "The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

What is our primary use case?

This product is mainly required for Automated Web Application Security Testing. We used the product over a shared directory.

How has it helped my organization?

It was very effective at highlighting the low and medium level vulnerabilities, which are generally easy to miss. In certain cases we observed that high-level vulnerabilities could be pointed out with ease.

What is most valuable?

The scanner is light on the network and does not impact the network when scans are running. It is very efficient in highlighting medium-low vulnerabilities. These vulnerabilities may be missed during in-depth testing, but Netsparker can find them very easily.

What needs improvement?

The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product is highly stable and does not create any issues.

What do I think about the scalability of the solution?

It is available across different platforms and is highly scalable.

How are customer service and technical support?

The technical support team was highly responsive and we used to get regular emails from their side, i.e., whenever there were any issues or new releases. In fact, the customer service is the best when compared to other competitor products.

Which solution did I use previously and why did I switch?

Since the time I have been associated with this company, we have constantly used Netsparker as one of our tools.

How was the initial setup?

The setup is very straightforward and as it is connected to the network, it is very easy to update the product on a regular basis.

What's my experience with pricing, setup cost, and licensing?

In our organization, we had a separate team which looked after the pricing and licensing policies. However, we never had any issues with the licensing; the price was within our assigned limits.

Which other solutions did I evaluate?

We do use other products to confirm our results, namely Burp Suite, Nessus, Qualys, etc. Each product is used for a different stage of testing.

What other advice do I have?

It is a highly scalable and multi-user platform. You need to ensure that you have a virtual machine connected to the internet for most of the system, as there are weekly and monthly updates.

Disclosure: My company has a business relationship with this vendor other than being a customer: We consider Netsparker as our partner.
it_user702261
Manager Compliance - Processes / InfoSec. at a tech services company with 201-500 employees
Consultant
Organizations thinking of implementing it need a team of technical personnel onboard

Pros and Cons

  • "Scan, proxy the application, and then a detailed report along with evidence and remediation for problems."
  • "I think that it freezes without any specific reason at times. This needs to be looked into."

What is most valuable?

Scan, proxy the application, and then a detailed report along with evidence and remediation for problems.

How has it helped my organization?

We are trying to integrate this product fully into our CI/CD Pipeline. Right now, the basic scan is done. More is being done currently.

What needs improvement?

I think that it freezes without any specific reason at times. This needs to be looked into.

The UI is a bit cluttered, but it's ok since the Application Security does look at many facets of the Application.

What do I think about the stability of the solution?

No. Not so far with the upgrades. It updates itself given it has network access, and it has plugins too.

What do I think about the scalability of the solution?

We haven't scaled it up so I can't comment. But, we have plans.

How are customer service and technical support?

Quite high. They are scattered all over social. They have wikis, a website, YouTube videos. They don't have a blog, or I might not have come across it, but given the option of googling things around, they are documenting many things.

Plus, they have active Google groups, where their response time is around a day.

Which solution did I use previously and why did I switch?

For application security, we tried Netsparker and Acunetix, but this one has a free option and is recommended software from OWASP.

How was the initial setup?

Quite straightforward. We did have a detailed look at YouTube videos, and read the wiki.

In other words, we did our research thoroughly, as their content was online. So it was finding the right content at the right time.

What's my experience with pricing, setup cost, and licensing?

Since this software is on an open-source license, I would advise having a technical person on board who knows how to handle this product.

OWASP Zap is free and it has live updates, so that's a big plus.

Organizations thinking of implementing it need a team of technical personnel onboard.

Which other solutions did I evaluate?

We did try the commercial ones, but since OWASP is known as an authority in web application security, we opted for this software.

What other advice do I have?

Go right ahead. You need to have a technical person.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user701418
Security Analyst with 1,001-5,000 employees
Vendor
The scanner and the result generator are valuable features for us

Pros and Cons

  • "The scanner and the result generator are valuable features for us."
  • "The support's response time could be faster since we are in different time zones."

What is most valuable?

The scanner and the result generator are valuable features for us.

How has it helped my organization?

We have integrated the Netsparker API into the scripts that we use.

What needs improvement?

The support's response time could be faster since we are in different time zones.

For how long have I used the solution?

We have been using the solution for a couple of years.

What do I think about the stability of the solution?

We did not encounter any issues with stability.

What do I think about the scalability of the solution?

We did not encounter any issues with scalability.

How are customer service and technical support?

I would rate the technical support at an eight out of 10.

Which solution did I use previously and why did I switch?

We use simultaneous products, but I found this to be the best of the lot.

How was the initial setup?

It is easy to use. There is always someone available who can give you a free demo when you install the software according to your convenience.

What's my experience with pricing, setup cost, and licensing?

There is flexible pricing per user and per year. It is competitive in the security market.

Which other solutions did I evaluate?

We evaluated Nessus and Acunetix.

What other advice do I have?

It is a pretty good product, if you go with the full version. It has a good report generation and enables better customization of policies.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
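Two reviews above describe driving the scanner from scripts through its API to cover many applications (one reviewer mentions 1000-plus). A batch driver along those lines, as an added example that is neither the reviewers' script nor the vendor's code: it runs against a constructed fake scanner object so it works offline, and the start_scan/scan_status method names are assumptions to be mapped onto the real API's start and status calls. It caps parallel scans (licences usually limit them), refuses any host not on an explicit allowlist (another reviewer on this page warns that active payloads can damage production systems), de-duplicates targets, and gives every scan a poll budget so a stuck scan cannot hang the whole batch.

```python
import time
from typing import Dict, Iterable, List, Set, Tuple
from urllib.parse import urlparse


class FakeScannerApi:
    """Constructed stand-in for the scanner API: each scan reports 'Complete' after a
    fixed number of status polls. The method names are assumptions for this example."""

    def __init__(self, polls_to_finish: int = 2) -> None:
        self.scans: Dict[str, dict] = {}
        self.polls_to_finish = polls_to_finish
        self.running = 0
        self.peak_running = 0  # lets a test check that the concurrency cap was honoured

    def start_scan(self, target: str) -> str:
        scan_id = f"scan-{len(self.scans) + 1}"
        self.scans[scan_id] = {"target": target, "polls": 0, "state": "Scanning"}
        self.running += 1
        self.peak_running = max(self.peak_running, self.running)
        return scan_id

    def scan_status(self, scan_id: str) -> str:
        scan = self.scans[scan_id]
        scan["polls"] += 1
        if scan["state"] == "Scanning" and scan["polls"] >= self.polls_to_finish:
            scan["state"] = "Complete"
            self.running -= 1
        return scan["state"]


def run_batch(api, targets: Iterable[str], allowed_hosts: Set[str],
              max_parallel: int = 2, poll_interval: float = 0.0,
              max_polls: int = 100) -> Dict[str, List[str]]:
    """Queue targets through the scanner with a concurrency cap, an authorisation
    allowlist, de-duplication, and a per-scan poll budget."""
    results: Dict[str, List[str]] = {"completed": [], "failed": [], "skipped": []}
    queue = list(dict.fromkeys(targets))        # drop duplicate URLs, keep order
    active: Dict[str, Tuple[str, int]] = {}     # scan_id -> (target, polls so far)

    while queue or active:
        # Fill free slots, but only with hosts we are authorised to attack.
        while queue and len(active) < max_parallel:
            target = queue.pop(0)
            if urlparse(target).hostname not in allowed_hosts:
                results["skipped"].append(target)
                continue
            active[api.start_scan(target)] = (target, 0)

        # Poll every running scan once; retire finished, failed, or stuck ones.
        for scan_id in list(active):
            target, polls = active[scan_id]
            state = api.scan_status(scan_id)
            if state == "Complete":
                results["completed"].append(target)
                del active[scan_id]
            elif state in ("Failed", "Cancelled") or polls + 1 >= max_polls:
                results["failed"].append(target)
                del active[scan_id]
            else:
                active[scan_id] = (target, polls + 1)
        if active and poll_interval:
            time.sleep(poll_interval)
    return results


# Constructed sample input: one duplicate and one host that is not on the allowlist.
SAMPLE_TARGETS = [
    "https://app1.example.com/",
    "https://app2.example.com/",
    "https://app1.example.com/",
    "https://partner.example.org/",
    "https://app3.example.com/",
]
ALLOWED_HOSTS = {"app1.example.com", "app2.example.com", "app3.example.com"}


def demo() -> Tuple[FakeScannerApi, Dict[str, List[str]]]:
    api = FakeScannerApi()
    return api, run_batch(api, SAMPLE_TARGETS, ALLOWED_HOSTS, max_parallel=2)


if __name__ == "__main__":
    api, results = demo()
    print(results, "peak parallel scans:", api.peak_running)
```

Against a real scanner the two API methods become HTTP calls with the scanner's credentials, the poll interval goes up to minutes, and the allowlist should be loaded from the same asset inventory that authorises the engagement rather than typed by hand.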
it_user696993
Senior Information Security Consultant at a tech services company
Consultant
Its ability to crawl a web application is quite different from other similar scanners.

Pros and Cons

  • "Its ability to crawl a web application is quite different from other similar scanners."
  • "Maybe the ability to make a good reporting format is needed."

What is most valuable?

Its ability to crawl a web application is quite different from other similar scanners.

Sometimes, it can find more vulnerabilities that other scanners can't. Usually, I have used both scanners so I can get more results.

How has it helped my organization?

I’m not sure about the improvement part for our organization since I have only used this product for three months.

What needs improvement?

Maybe the ability to make a good reporting format is needed.

For how long have I used the solution?

I got the trial license for about three months.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I have never contacted technical support.

Which solution did I use previously and why did I switch?

We did not switch solutions, just tried different tools to see the results.

How was the initial setup?

The setup is easy and straightforward, because I was using Windows.

Which other solutions did I evaluate?

My office gave me the trial license and told me to try out these products. That’s it. Just compared it to other similar tools such as NeXpose and Acunetix.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user494973
Software Quality Assurance Engineer at ITONICS GmbH
Real User
It provides the comprehensive reports in various formats such as PDF and HTML.

What is most valuable?

I like the way Netsparker provides the comprehensive reports in various formats such as PDF, HTML, etc., which are enough to understand what's going on with our web application.

How has it helped my organization?

When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done. By using this wonderful tool, we can easily see on the outstanding reports "Important", "Medium", "Low", and "Information" vulnerabilities. Apart from that, it also visualizes what's wrong with a server such as an outdated version, authorization, version disclosure, etc.

What needs improvement?

Sometimes, it is slow; when we are running this application and browsing other applications concurrently, it makes the other applications work slowly. Besides that, it seems fine.

When I use Netsparker along with other applications, such as testing web apps in browsers like Chrome or Firefox, for a little longer than normal, there are issues that might be due to high CPU usage. I'm unable to work on other applications (mainly browsers such as Chrome/Firefox), and ultimately it hangs and takes time to browse.

For how long have I used the solution?

I have used it for most of the cases when I have to check vulnerabilities and other security exploitation. So, it's been like six months.

What was my experience with deployment of the solution?

I have not used this feature. I will let you know when I am done with deployment.

What do I think about the stability of the solution?

Until now, I have not encountered any stability issues.

What do I think about the scalability of the solution?

It sometimes hangs when running large web-based applications.

How are customer service and technical support?

The way they are communicating with users like us, yeah, we can give them 9 out of 10. :)

Which solution did I use previously and why did I switch?

I have used Acunetix. The reason I switched to Netsparker would be that the performance I found on Acunetix was very slow. It would take something like a day if I had to scan our web-based application product. That is not reliable when you are working with clients who want a quick response regarding how the application performs.

How was the initial setup?

I found initial setup to be straightforward; anyone can set up this solution.

What about the implementation team?

Not from a vendor team.

What's my experience with pricing, setup cost, and licensing?

The price seems to be reliable.

Which other solutions did I evaluate?

No, I did not evaluate other options.

What other advice do I have?

I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user496341
IT Engineer at an aerospace/defense firm with 1,001-5,000 employees
Vendor
It searches for a lot of updated vulnerabilities. A lot of the security tests are now automated.

What is most valuable?

  • It has a very user-friendly page.
  • Creating custom policies is very easy.
  • It searches for a lot of updated vulnerabilities.

How has it helped my organization?

Before Netsparker, we were opening internal web pages to the outside for manual tests. Health tests were limited by a system admin’s capabilities. After Netsparker, a lot of the security tests became automated. We added a step in our policy document to scan pages with Netsparker before opening a site to the outside.

What needs improvement?

Maybe the supported clients can be improved. It still does not search for vulnerabilities in DB2 databases, for example. In Netsparker you can modify your scan for a specific target database type, programming language and web server type, and there isn't a DB2 option for the database target in the scan editor.

For how long have I used the solution?

I have been using it for about two years.

What do I think about the stability of the solution?

On early versions, scanning for vulnerabilities didn’t complete. But now it takes an acceptable amount of time.

What do I think about the scalability of the solution?

I did not encounter any scalability issues. With a licence, you can install and run multiple instances of Netsparker at the same time, of course on different targets. Also, you can restrict network access or requests to the page.

How are customer service and technical support?

Technical support is very professional, 10/10. They know what they are doing.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. We started with Netsparker.

How was the initial setup?

Setting up and updating Netsparker is very easy; only one click.

What's my experience with pricing, setup cost, and licensing?

Actually, I am a technical guy; I don’t know exactly the price, but I do know that if the product was expensive, our manager wouldn’t have bought it. :)

Which other solutions did I evaluate?

We tried Acunetix, but Netsparker has one up on it.

What other advice do I have?

You must work on your environment first. List the web applications’ background: the systems they are using, web server type, database type, programming language. Netsparker supports lots of them, but there are still some restrictions. If they know their environment, the decision is easier.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user490131
Software Quality Assurance Analyst at a real estate/law firm with 5,001-10,000 employees
Vendor
It has improved the security of our code by scanning it and finding security defects.

Valuable Features

The product’s most valuable features are its security scanning features.

Improvements to My Organization

It has improved the security of our code by scanning it and finding security defects.

Room for Improvement

Speed: It spends about one hour on scanning; I would like it to be less than 30 minutes. Because our solution is large, NetSparker spends about one hour on scanning our code. It also depends on network speed, and just like anti-virus software, the scan time is a key performance requirement for NetSparker. The less the better. Thank you.

Use of Solution

I have used it for two years.

Stability Issues

I did not encounter any stability issues.

Scalability Issues

I did not encounter any scalability issues.

Customer Service and Technical Support

Technical support is good.

Initial Setup

Initial setup is not complex. Just follow the instructions.

Pricing, Setup Cost and Licensing

Price is not the key point.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user498570
Quality Assurance Specialist at a computer software company with 51-200 employees
Real User
Its web crawler introduced us to many security vulnerabilities and information we had not known before. Netsparker does not integrate SSO functionality.

What is most valuable?

  • Simple, easy and straightforward to start.
  • Header information is displayed in an easy-to-read way which can be interpreted separately.
  • Vulnerabilities categorization, along with the suggestions, is pretty helpful.
  • Command line tool did seem interesting, but I couldn’t do much with it. It was a bit hard to learn its usage.
  • Crawling websites is one of its best features.

NetSparker is a very easy to use and understand product. Its web crawler feature has benefitted us the most, and it introduced us to many security vulnerabilities and information we had not known before. I really like how we can tune the number of concurrent sessions as well, which allows us to do some performance testing too.

How has it helped my organization?

It covers basic-intermediate web attacks and presents the information in a very descriptive way. This enhances knowledge and also helps to identify which areas are lacking attention.

Other than that, it helps you start looking for the attack vectors and points of weakness.

What needs improvement?

Login functionality: Netsparker does not integrate single-sign-on functionality, which makes it very difficult to use for such websites. SSO has become an essential part of web security testing over the last few years. I would love to see this feature in new releases.

For how long have I used the solution?

I have been using it for ~6 months.

What do I think about the stability of the solution?

It is a resource-intensive program, and while it is running, other processes get very slow.

What do I think about the scalability of the solution?

I did not encounter any scalability issues.

Which solution did I use previously and why did I switch?

This was the starting point. We chose this because Troy Hunt (security advisor) had provided a positive and thorough review of this product on his blog.

We used this product along with some others (SkipFish, NMap, etc.) to fully test the security of our products.

How was the initial setup?

As I mentioned before, installing and using Netsparker is pretty easy compared to other products available.

What's my experience with pricing, setup cost, and licensing?

It is a good tool, as we found out with the Community Edition trial. But the price point is quite expensive for a startup or average-sized company.

Other than what I’ve written, it is a fine product but it cannot be used alone. It covers most of the basic-intermediate level attacks, which is really good as a starting point. But for the high-level and advanced analysis, other (similar) tools are needed, which is why I think its price point is very high.

Disclosure: I am a real user, and this review is based on my own experience and opinions.