Italy’s Most Experienced Information Security Company Relies on Netsparker

In this case study, CryptoNet Italia explains how by using the Netsparker web application security scanner it was able to provide more man-hours and advanced penetration testing services to its customers. CryptoNet also explain why after 14 years in this business, and using all types of scanners they chose Netsparker's unique vulnerability scanning technology.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

"Netsparker is the best web application scanner we know of: It's affordably priced as a tier two scanner, but it is as accurate as a tier one scanner or better. And it has the lowest false positive rate we ever saw in the last 14 years with competing products. We can confirm that Netsparker is a very good reason to spend money and to replace any web application scanning tools you are using at the moment. That money will be quickly recovered."  Paolo Da Ros, CryptoNet, Italy.

CryptoNet is the oldest and most experienced information technology security company in Italy. They are a PCI Approved Scanning Vendor (ASV) and Qualified Security Assessor (ASV). Created in 1995, they have more than 20 years' experience in the Information security industry. CryptoNet serves a variety of very large companies from all types of verticals, including government agencies in the Italian market. They also work with a number of customers based in Sweden, Switzerland and Spain.

Most of CryptoNet's customers are a 'natural' target for hackers, such as governments agencies and their websites. Therefore, they have to identify them all; any critical weaknesses that are not identified and closed would result in a devastating blow to their professional reputation and to their customer's reputation and business.

Years of Experience in Using Automated Web Security Scanners Have Led CryptoNet to Use Netsparker.

Netsparker’s Technology Allowed for More Man-Hours

Having to do penetration tests on very big and complex web applications, CryptoNet have been using automated web security tools since 2002. You can say they have tried them all; HP WebInspect, IBM Appscan, Cenzic and the lot. After working with all these tools, for the last few years CryptoNet settled with Netsparker web application security scanner. Thanks to its automated vulnerability confirmation technology Netsparker allowed the CryptoNet team to spend more valuable man-hours conducting manual tests and focusing on identifying more vulnerabilities, such as the logical ones.

Netsparker Allowed CryptoNet to Deliver More Advanced Web Penetration Tests           

"We have been performing vulnerability assessments and penetration tests since 1995, and we are constantly looking at ways to improve our techniques and work practices. With a tool such as Netsparker, that automates all the automatable checks, when we now conduct manual tests we can spend more man-hours focusing on deeper research on the target application, thus identifying more vulnerabilities. And this is the only way to win the loyalty of our customers and keep our reputation in such a crowded market," said Paolo Da Ros of CryptoNet.          

Comparing Netsparker to Other Web Vulnerability Scanners

Netsparker has always fared very well when compared to other automated web vulnerability scanners, as highlighted again in the 2015 update of the web security scanners comparison. Though no one can explain it better than a customer who has more than a decade of experience using automated web security scanners.

"The UI is simple and clean. Netsparker provides very thorough scans that are easy to understand, and include well-made proofs of the vulnerabilities found during a scan. This results in saving time & money, instead of going around on a wild-goose chase. We now have a lower cost of remediation due to having almost zero false positives."

And what about support? "It was great. They always gave us fast responses and helpful advice". 

About CryptoNet

CryptoNet was one of the first Italian companies to have considered the importance of information security in the age of Internet. This idea was incorporated in 1995 and this idea continues to be its reason for being. Even though many Italian companies who are active in the market of IT services are larger than CryptoNet very few, however can count on such an extensive experience. Over the years CryptoNet installed the first firewall in Italy, designed architectures for cryptographic smart cards and implemented dozens of public key infrastructures, IDS and IPS. CryptoNet also supports customers in complying with provisions of the law (Legislative Decree no. 196 / 03, 231/01, 262/05) and industry regulations such as PCI-DSS and ISO27001.

Your Information will be kept private.

Ferruh Mavituna

About the Author

Ferruh Mavituna

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.