This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Netsparker Was the Only Scanner That Identified All the Vulnerabilities and One of Two That Did Not Report Any False Positives
LONDON, January 31, 2018 – Netsparker Ltd., a leading player in the web application security industry, today announced that it was confirmed as a market leader in the Web Application Vulnerability Scanners Comparison for 2017/2018. Further, Netsparker’s scanner was the only solution that identified all the vulnerabilities and was one of the two scanners that did not report any false positives.
The Web Application Security Scanner Dynamic Application Security Testing (DAST) Benchmark is a test that compares the features, coverage, vulnerability detection rate and accuracy of automated web application security scanners, also known as web vulnerability scanners. Other solutions tested included Acunetix, IBM AppScan, HP WebInspect, Rapid7 AppSpider, and Burp Suite.
The tests were conducted by the independent information security researcher and analyst Shay Chen, who has been doing benchmark tests and improving the platform since 2010. So far he has released six, and his work is considered the de facto standard by the application security industry.
The full test results can be found in the 2017/2018 Web Application Security Scanners Comparison Report.
“With the amount of security threats only increasing in number and complexity, companies across industry types need the most accurate web vulnerability scanning technology to protect themselves,” said Netsparker CEO Ferruh Mavituna. “As the comparison test results show, Netsparker leads the pack in finding vulnerabilities in websites and web applications, along with eliminating false positives. We’ve worked hard to consistently come out on top in these thorough and independent tests, and our commitment has never been stronger.”
With this year’s testing, Shay and his team went a step further by installing and integrating DAST solutions in real-life enterprise SSDLC (Secure Software Development Lifecycle) processes to get a better understanding of how they can expand the WAVSEP testbed and test the scanners. They have implemented automated vulnerability scanners in financial, tech and telecom organizations.
One of the most resonant findings for companies was the negative impact of false positives, which are the biggest detriment in web application security. “In fact, large organizations that have hundreds or even thousands of web applications just focus their efforts on a handful of mission-critical websites and ignore the rest,” explained Mavituna. “Considering the number of hacks and data leaks that happen every year, this is not surprising.”
About Netsparker Ltd.
Netsparker was founded in 2009 and develops a web application security scanner. The scanner’s accurate scanning technology led to early success, and Netsparker is now a recognized leader in the web application security industry. Netsparker can identify vulnerabilities in any type of modern and custom web application, regardless of the architecture or platform they are built with. Upon identifying a vulnerability, the Netsparker scanner uniquely generates a proof of exploit to identify a false positive. Netsparker is available as desktop software and as a cloud service. It is trusted and used by world-renowned organizations across industry verticals, including Samsung, NASA, Microsoft, ING Bank and Ernst & Young.