Developers with free Enterprise Account can better assure vulnerability protection
London — August 17, 2017 — Netsparker Ltd, a leading player in the web applications security industry, has announced unlimited web security scans for developers of open source projects with Netsparker Enterprise. The Netsparker Enterprise scanner uses unique and cutting-edge Proof-Based ScanningTM technology.
Netsparker research has revealed the problematic levels of risk developers expose themselves to, by not properly securing their development and testing environments. The chief problem identified is vulnerable web applications running on developers’ testing and production environments. These are easily compromised by bad actors and thus are open and inviting targets for mischief.
As illustrated by Netsparker research findings, the top two culprits are cross-site scripting (XSS) and SQL injection vulnerabilities, with XSS accounting for a staggering 81.9 percent of the identified vulnerabilities. Unfortunately, these findings are common. For example, last year Netsparker found similar results with 180 XSS and 55 SQL injection vulnerabilities.
“The statistics highlight the need for constant, consistent and trusted vigilance,” said Netsparker CEO Ferruh Mavituna. “It is why we are committed to helping enhance the security posture of the open source developer community. And we are allowing unlimited scans to those who join, at no cost.”
Mavituna added, “Enabling those with malicious intent to compromise development environments is a self-inflicted wound and is totally preventable. We see providing unlimited free scans as a critical part of our commitment to assuring that the increased reliance by organizations on open source solutions means ‘open for business,’ with greatly minimized risks.”
Web Security Automation Is the Key
On average, a vulnerable web application has 6.6 vulnerabilities. This a la carte selection of vulnerabilities makes bad actors happy about the targets they have at their disposal. In addition, web applications are complex. The average web application has hundreds, if not thousands, of possible attack surfaces. What this means is that unless enterprises automate security, particularly during both the development and testing stages, it is impossible to develop a secure web application.
Realities are that web application developers can no longer check manually that all of the possible attack surfaces on web applications are invulnerable to the hundreds of different vulnerability variants. It is the driver behind Netsparker’s focus on constantly improving, through rigorous testing, Netsparker Enterprise’s web application security scanning capabilities.
The goal is the development of a web application security solution that generates highly accurate and trusted web security scan results. This engenders peace of mind and frees developers to concentrate on their projects and not waste time manually verifying vulnerability test findings.
For more information about Netsparker survey results and recommendations on how best to secure application software or to sign up for a free Netsparker Enterprise Account (for open source projects), visit www.netsparker.com.
About Netsparker Ltd.
Netsparker, founded in 2009, provides a web application security scanner that has established the company as a leading player in the web application security industry. Netsparker can identify vulnerabilities in any type of modern and custom web applications, regardless of the architecture or platform they are built with. Upon identifying a vulnerability, the Netsparker scanner uniquely generates a proof of exploit, proving it is not a false positive. Netsparker is available as desktop software and as a cloud service. It is trusted and used by a number of world-renowned organizations, including Samsung, NASA, Microsoft, ING Bank and Ernst & Young.