This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
There are many
- Web scanners report a lot of false positives. Maybe back in the day scanners used to report a lot of false positives, though nowadays the Netsparker scanners are dead accurate thanks to the unique Proof-Based Scanning™ technology.
- There hasn’t been any particular breakthrough in the scanner industry, making the tools outdated.
- Scanners cannot scan and find vulnerabilities in modern Web 2.0+ / HTML5 / Single Page applications.
- Some security professionals tend to shy away from automation because they think tools such as black box scanners won't find anything that they can’t find manually.
- People believe that scanners can only find low-hanging fruit.