Netsparker Web Application Security Scanner Overview

Netsparker Web Application Security Scanner is the #10 ranked solution in our list of AST tools. It is most often compared to OWASP Zap.

What is Netsparker Web Application Security Scanner?

Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities; it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double-check the identified vulnerabilities.

Netsparker Web Application Security Scanner is also known as Mavituna Netsparker.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: April 2021

Netsparker Web Application Security Scanner Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

Attack Developer at a tech vendor
Real User
APIs enabled me to automate scans for a large number of web applications

What is our primary use case?

I used Netsparker in my company to apply continuous penetration testing. The company has 1000-plus web applications.

Pros and Cons

  • "Crawling feature: Netsparker has very detailed crawling steps and mechanisms. This feature expands the attack surface."
  • "Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
  • "The custom attack preparation screen might be improved."

What other advice do I have?

I rate it at nine out of 10 because, although I have used many web application scanners by now, Netsparker gives the fewest false-positives. That's the most important property for a web application scanner. When you buy a web application scanner, you actually pay for two features: non false-positive detection, and attack diversity. Other features affect the quality of a product. So, Netsparker deserves a nine.
Software Quality Assurance Engineer at ITONICS GmbH
Real User
I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications

What is our primary use case?

The primary use case of this solution is to check the major vulnerabilities of the product such as SQL injection, XSS Exploitation, Broken Authentication, Upload File Inclusion, CSRF, etc.

Pros and Cons

  • "When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
  • "It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

What other advice do I have?

Like I wrote earlier, I would highly recommend implementing this product to those who really care about the vulnerabilities and security of their products/applications.
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Consultant
Efficient in highlighting medium-low vulnerabilities. However, Cross-Site Scripting, SQL Injection and other higher level injection attacks are difficult to highlight.

What is our primary use case?

This product is mainly required for Automated Web Application Security Testing. We used the product over a shared directory.

Pros and Cons

  • "The scanner is light on the network and does not impact the network when scans are running."
  • "The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

What other advice do I have?

It is a highly scalable and multi-user platform. You need to ensure that you have a virtual machine connected to the internet for most of the system, as there are weekly and monthly updates.
Manager Compliance - Processes / InfoSec. at a tech services company with 201-500 employees
Consultant
Organizations thinking of implementing it need a team of technical personnel on board

Pros and Cons

  • "Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
  • "I think that it freezes without any specific reason at times. This needs to be looked into."

What other advice do I have?

Go right ahead. You need to have a technical person.
Security Analyst with 1,001-5,000 employees
Vendor
The scanner and the result generator are valuable features for us

Pros and Cons

  • "The scanner and the result generator are valuable features for us."
  • "The support's response time could be faster since we are in different time zones."

What other advice do I have?

It is a pretty good product if you go with the full version. It has good report generation and enables better customization of policies.
Senior Information Security Consultant at a tech services company
Consultant
Its ability to crawl a web application is quite different.

Pros and Cons

  • "Its ability to crawl a web application is quite different than other similar scanners."
  • "Maybe the ability to make a good reporting format is needed."
Software Quality Assurance Engineer at ITONICS GmbH
Real User
It provides comprehensive reports in various formats such as PDF and HTML.

What other advice do I have?

I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security.
IT Engineer at an aerospace/defense firm with 1,001-5,000 employees
Vendor
It searches for a lot of updated vulnerabilities. A lot of the security tests are now automated.

What other advice do I have?

You must work on your environment first. List the web applications’ background: the systems they are using, web server type, database type, programming language. Netsparker supports lots of them, but there are still some restrictions. If they know their environment, the decision is easier.
Software Quality Assurance Analyst at a real estate/law firm with 5,001-10,000 employees
Vendor
It has improved the security of our code by scanning it and finding security defects.
Quality Assurance Specialist at a computer software company with 51-200 employees
Real User
Its web crawler introduced us to many security vulnerabilities and information we had not known before. Netsparker does not integrate SSO functionality.