This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
After a good number of months of late nights and an endless supply of coffee, many beta testers and discussions about adding or removing specific features, we are happy to announce that Netsparker Enterprise, the new online web application security scanner, is officially released and available to all of you.
What is Netsparker Enterprise?
The name says it all; Netsparker Enterprise is an online web application security scanner built on top of AWS (Amazon Web Services), guaranteeing the best possible performance and scalability. You can scan hundreds or thousands of web applications in just a few hours and all the results will be correlated, easy to access and act on.
The service uses the already proven scanning technology of the desktop edition of Netsparker. Therefore we guarantee you that it will detect the most vulnerabilities, as shown in Shay Chen's last independent web vulnerability scanners comparison, and it reports no false positives.
Netsparker Enterprise Features Highlights
Another online web security scanner on the market? No, Netsparker Enterprise is different. It brings a lot to the table especially for large organizations who would like to ensure the security of hundreds and even thousands of websites and web applications. Netsparker Enterprise can also be used by small businesses, though as explained in this post it has a good number of features that help organizations ease the job of securing their web applications.
Easy to Use and False Positive Free
Even though easy to use products and false positive free web security scanning technology have become synonymous with the Netsparker brand, it is still very important to talk a bit about them and to remind users and business owners how much their organization can benefit from such features.
Easy to Use Web Security Service
Web application security is not exactly a straightforward process, hence by using easy to use products you ensure that you and your team can focus on securing web applications and not figuring out how to use the tools.
Easily Scan Password Protected Websites
Since we are speaking about the ease of use of security tools, allow me to show you how you can configure form authentication, so Netsparker Enterprise can scan a password protected area in your website. Most probably you have seen how it works with other tools, where you have to record a login macro, or contact support to configure it for you. With Netsparker Enterprise it is as simple as specifying the login form URL, username and password, and the service will figure out everything by itself.
If you are using Client Certificate, NTLM, Basic or Digest authentication, simply tick the checkbox and specify the credentials. Yes, it is that simple.
False Positive Free Web Security Scan Results
Every security professional will tell you that false positives are a big detriment in the web application security industry. If you use a tool that reports a lot of false positives that you have to manually verify, then what is the use of automating the process? You might as well audit the web application manually, which is of course an impossible feat considering the complexity and size of today's web applications. We designed Netsparker’s scanning technology, which is used in both Netsparker Enterprise and Desktop, with this in mind. Hence Netsparker Enterprise is a false positive free online web security scanning service.
One of the biggest problems in the security process is bringing everyone up to speed, keeping developers responsible and having a good communication channel between security and development teams. Since it is a multi-user platform, Netsparker Enterprise allows teams in large organizations to easily collaborate to ensure that all web applications are scanned and all identified vulnerabilities are closed down.
There is no limit to how many users you can create for each account and the main account holder can configure different privileges for each created user, ensuring that every user only has access to what they need to do the job. Refer to Ease Collaboration and Improve Productivity with Netsparker Enterprise for more information on the multi-user feature.
Vulnerability Management To Ease Fixes
Netsparker Enterprise has a built-in vulnerability management system which allows team members to assign vulnerabilities as tasks to others, thus ensuring everyone knows what needs to be done. Similar to a bug tracking system, this feature really helps in ensuring all vulnerabilities are remedied.
Once a vulnerability is marked as fixed, Netsparker Enterprise will automatically scan the web application to verify the fix. Should it not be fixed, the task will be automatically reassigned to the developer. Read Vulnerability Management and Remediation for more information on this handy feature. And if instead you would like to continue using your existing bug tracking system, that is fine as well, as Netsparker Enterprise can be easily integrated with it.
Fully Configurable Web Security Scanning Service
Even though Netsparker Enterprise is an online service, it is a fully configurable web security scanning service. In terms of configuration it is the same as Netsparker Desktop; there are no limitations to the type of scan settings you can configure, or which scan policy or URL rewrite rules to use for a web vulnerability scan.
Easily Manage the Security of Many Websites
In Netsparker Enterprise you can create and use groups to group websites. By grouping websites you can configure specific scan policies and settings that can be used to scan the websites, or scan a group of websites at the same time. Groups also allow you to easily get an overview of the security state of a number of websites in the group, rather than having to manually sift through thousands of scan results.
Integrate Web Security Scanning in Your SDLC
Integrating Netsparker Enterprise in your SDLC and Continuous Development is very easy and secure; an API token is used for each user and all types of actions, such as launching a new web application security scan and getting the results of a scan, can be triggered via the API. Detailed API documentation is available in Netsparker Enterprise.
Apply for a Netsparker Enterprise Trial
The above list is just an overview of what is new in Netsparker Enterprise. See for yourself how much time and resources your business can save when using Netsparker Enterprise to ensure the security of all websites and web applications. Apply for a Netsparker Enterprise trial and your region's product specialist will get in touch and sort out a free full trial.
We Would Like to Hear From You
As much as we are happy with this new release of Netsparker Enterprise, we are also excited about what lies ahead. Even though we are confident that Netsparker Enterprise has already raised the bar for online web application security scanners, we are sure that there is a lot that still needs to be done, therefore we would like to hear from you. Go ahead and apply for a Netsparker Enterprise trial and let us know what you think of it. Visit the Netsparker Enterprise product page and Netsparker Enterprise benefits page for more information about the features of Netsparker Enterprise and the benefits your business can take advantage of when securing web applications with Netsparker Enterprise.