Netsparker Tool

Netsparker is an easy to use false positive free web application security tool. It helps us identify web vulnerabilities such as SQL Injection and XSS.
Some main features of Netsparker:
  • Vary accurate vulnerability detection with the unique Proof-Based Scanning Technology.
  • Minimal configuration required. Scanner automatically detects URL rewrite rules, custom 404 error pages.
  • REST API for seamless integration with the SDLC(Software Development Life Cycle), bug tracking systems etc.
  • It is scalable.
So basically, using Netsparker we can do three types os scan:
1.A Detailed Scan:




2.An Executive Summary Scan:

 Executive Summary Scan Report
 


3.PCI Compliance Report:

PCI Compliance Report



In Netsparker the  vulnerabilities are classified according to the amount of harm it can cause:
1.Critical:
2.High:
Here is a sample screenshot on the GUI that Netsparker provides:
Netsparker Web Application Security Scanner helps leading world renowned companies keep their web applications and websites secure by automatically identifying vulnerabilities and security issues.So using the Netsparker Community version, we as well can start making use of it, to scan and secure our web applications, from these vast amount of vulnerabilities.

Comments

Post a Comment

Popular posts from this blog

Nmap

Image
What is Nmap? Nmap is a free and open-source network scanner. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. How to download Nmap? If you are using Kali Linux Operating System, Nmap is already pre-installed. If you are using any other operating system, then we can download it at:   https://nmap.org/download.html So, once we've downloaded the Nmap latest version, we are ready to run it. Installing is a simple task and can be completed within a minute or two. Working: Open the command prompt with admin privileges and type: nmap We get a result like this: Nmap with ip address: So in this as we can see, I scanned a random IP addresss using Nmap. Through this command we get to know which all ports in the target system are closed and open, through which we...
Read more

Owasp Zap

Image
The OWASP Zed Attack Proxy (otherwise known as ZAP) is a free security tool which you can use to find security vulnerabilities in web applications. Owasp: Open Web Application Security Project Working: ZAP creates a proxy server and makes your website traffic pass through that server. It comprises of auto scanners that help you intercept the vulnerabilities in your website. This is a live scanning screenshot, when I tried to attack this very blog. Seems that google blogs pretty well secured, although there were 1 medium level threat and 6 low level threats, that were found. We can also generate a documentation, of the threats that were found out using this tool. Here is the report that was generated, when I scanned this very blog. Seems to be very secure, having 2 medium level threats and 6 low level threats.   Following are the different modes of attacks, that we can lauch through this tool: Quick Attack:  This helps you test the a...
Read more