Netsparker is an easy-to-use web application vulnerability scanner that can crawl, attack and identify vulnerabilities in all types of the web application. It can identify web application vulnerabilities such as SQL Injection, XSS (Cross-site Scripting), Command Injection, Local File Inclusions & Arbitrary File Reading, Remote File Inclusions, Frame Injection, Internal Path Disclosure, and many more.
It has a pretty low false positive rate because, unlike other scanners, Netsparker performs multiple tests to confirm any identified issues. It also has a JavaScript engine which can parse, execute and analyse the output of JavaScript and VBScript used in web applications. This allows Netsparker to successfully crawl and understand websites that use different AJAX frameworks, custom code or well-known frameworks such as jQuery.
If a website scan detects a WSDL (Web Services Definition Language) documents on the site, Netsparker will automatically scan those web services too. And, it also offers the following features:
- Detailed Issue Reporting: It reports issues with the maximum available details.
- Automation: It provides a command line interface that you can use to automate scans and integrate Netsparker into your automated scanning, reporting or development systems.
- Logging: Logs of all HTTP Requests and responses, as well as all identified vulnerabilities and other scan-related data.
