2018 Web Vulnerability Scanners Comparison – Netsparker Confirmed a Market Leader

The 2018 independent web application security scanners benchmark results have been published. How did Netsparker fare when compared to the other web vulnerability scanners? In short, Netsparker was:

- The only scanner that identified all the vulnerabilities
- One of the only two scanners that reported zero false positives

None of the other scanners in the comparison performed as well as Netsparker. If you'd like to find out more information, including results, read this post which explains how the tests were conducted and displays the results of each individual test.

Table of Contents

- What is the Web Application Security Scanner (DAST) Benchmark?
- How Are Tests Performed?
- The Negative Impact of False Positives
- False Positives Make Scaling Up Web Security Impossible
- Evaluation Criteria
- The Benchmark Results – Global Results
- How Many Vulnerabilities Did the Scanners Detect?
- How Many False Positives Were Reported?
- Graph with Global Detection & False Positives Rates
- The Benchmark Results – Individual Tests Results
- OS Command Injection Detection
- Remote File Inclusion / SSRF
- Path Traversal
- SQL Injection
- Reflective Cross-site Scripting (XSS)
- Unvalidated Redirect
- Are Web Security Scanner Comparisons Useful & Realistic?
- Which is the Best Web Application Security Scanner?
- Can Netsparker Identify Security Flaws in Your Web Applications and APIs?
- Past Comparisons...

2013/2014 Web Vulnerability Scanners Comparison – Netsparker Confirmed as a Market Leader

NOTE: Read the article 2015 - How Does Netsparker Compare with other Automated Web Application Security Scanners? for more recent information about Netsparker scanners' scanning capabilities.

Earlier this month, information security researcher and analyst Shay Chen released the 2013/2014 Web Application Vulnerability Scanners Benchmark, where he compared 63 different web vulnerability scanners, or as they are also known, web application security scanners. The comparison contains a wealth of information and, for those who have time, it is worth diving into and analyzing all of the results.

We of course already did our homework: we analyzed the results and are more than happy with them. Netsparker Web Application Security Scanner smoked the competition and is second only to IBM AppScan, a scanner that costs much more than Netsparker, with only a 4% difference. Hence, when you also include the price in the equation, Netsparker is the best web vulnerability scanner with the best return on investment; while IBM AppScan has an expensive price tag, users still have to spend a lot of time verifying its findings, as opposed to Netsparker, which automatically checks its own findings to report no false positives.

How did Netsparker Perform When Compared to...

How to Integrate Netsparker Desktop with GoCD

GoCD is continuous delivery software similar to Jenkins. GoCD enables you to build automation into your software development workflow, including testing, bug fixing, web security scanning and vulnerability fixing. This article explains how to integrate Netsparker web application security scanner with GoCD, in order to trigger scans automatically when developers make changes to your web applications.

Why Integrate Netsparker Desktop with GoCD?

In software development projects, Developers, Testers and Penetration Testers all have their role to play. When Developers make changes to web applications, for example, these changes have a knock-on impact on other teams and tasks. If the changes that are made by Developers can be used to trigger automatic scans, this saves the time required to manually configure and run scans, examine results, then assign and fix vulnerabilities. Development teams can continue to work on the areas to which they have been assigned, without having to switch tasks. Those assigned to vulnerabilities can view scans as they are running. And often, scans can run while developers are otherwise occupied or away from work. No one has to wait for a scan to complete before moving on to another task or back to their previous development tasks.

Integrating GoCD with Netsparker

There...

December 2017 Update for Netsparker Cloud

We're almost at the close of 2017. But, before it ends, we wanted to present you with a seasonable gift – a huge update to Netsparker Cloud, our web application security scanning solution. This blog post highlights what is new, improved and fixed in the December 2017 update of Netsparker Cloud.

Real Time Scan Results

One of the most common problems in online services is that users have to wait until a scan is complete to see the results. Not in Netsparker Cloud! Like Netsparker Desktop, Netsparker Cloud now displays scan statistics in real time. As soon as Netsparker Cloud identifies a vulnerability, it reports it and displays all the details while the scan is still running. This empowers you to take action immediately.

Integration Support with FogBugz, GitHub and TFS Issue Tracking Systems

A few months ago we announced the integration with JIRA, an issue tracking system, which enabled you to configure the automated posting of vulnerabilities as issues in JIRA projects. In this latest update, we added integration support for FogBugz, GitHub and Team Foundation Server (TFS). You can now use the Integration wizard to integrate Netsparker Cloud with your issue tracking system in...

Consumers Survey Results: Web Applications Most at Risk of Getting Hacked & Consumers’ Online Risky Behavior

Earlier this year, we conducted a survey to discover consumers’ major concerns when shopping online. The answers were not surprising. A whopping 77.6% of respondents worry about websites being hacked. But are these same consumers also concerned about their own devices getting hacked? And do they do enough to protect them? In the same survey we asked consumers about how they use their personal devices. Here are the results.

Are Consumers at Risk of Cyber Attacks?

The answer, unfortunately, is a resounding yes. Eighty percent of our respondents admitted doing things online that put them at risk. The most popular were:

- Using open, unsecured wifi networks
- Clicking on social media links that are not familiar
- Using the same password for all logins
- Using weak passwords

Are Consumers Protecting Themselves?

Even though many consumers take risks, 85% of respondents said that they also take actions to protect their privacy and their data. For example:

- 46% said they deleted their history and cookies when using a public computer
- 38% of the respondents turn off location services on their phones
- 19.4% tape over their laptop camera (but they should visit our booth at events we attend, where we give out web cam covers...

Explanation & Demo of the Content Security Policy (CSP)

Scanning a web application for vulnerabilities and ensuring it is secure is certainly a good thing to do. There are, though, other things you can leverage to improve the security posture of your web applications, such as Content Security Policy (CSP). Watch our security researcher Sven Morgenroth deliver a presentation and demo about CSP during episode #536 of Paul’s Security Weekly.

During the podcast, Sven:

- Explains what CSP is,
- Explains some CSP directives and how to use them,
- Shows some of the most common mistakes one can make when configuring CSP,
- Explains how CSP helps in preventing Cross-site Scripting vulnerabilities on your web applications.

During the podcast, Sven also gives a demo showing the effect Content Security Policy directives have when used to protect a web application, and highlights some best practices. Sven also shows how you can use the Netsparker web application security scanner to ensure your Content Security Policy is airtight, or better, hacker tight!

Slides for Content Security Policy Presentation & Demo

Below are the slides Sven used during the presentation and demo of the Content Security Policy.

Content Security Policy (CSP) Presentation & Demo...

November 2017 Netsparker Desktop Update

Today, we are delighted to announce a new update of Netsparker Desktop web application security scanner. In this update, we have improved some of the security checks and made several performance enhancements. But, most importantly, we have added new features that will help you automate more. This announcement highlights what is new and improved in this latest update.

Configuring Web Storage Data (Local/Session) for a Website

In the Scan Policy, you can now configure both Local and Session Web Storage Data for a target website. This is useful when you need to provide a token and its value prior to the scan. As illustrated in the screenshot, to configure Web Storage data, navigate to the Web Storage menu and specify the Type, Key, Value and Origin.

New Parse From URL Feature for Form Values

In Netsparker web application security scanner, you can pre-configure the values the scanner uses when traversing web forms. In this update, we added a new feature called Parse From URL, which you can use to automatically extract a list of parameters and their types from a web form, instead of having to dig through...

Black Friday & Cyber Monday 2017 WordPress Deals

Below is a list of promotional codes and promotions our business partners are running this year for the Black Friday and Cyber Monday weekend. Note: We only endorse and promote products we use ourselves to run our WordPress websites.

WP Security Audit Log Plugin

The WP Security Audit Log is WordPress’ most comprehensive and popular…

The post Black Friday & Cyber Monday 2017 WordPress Deals appeared first on WP White Security.

Black Friday All Year? Secure Websites Generate More Revenue Survey Shows

Nowadays, many businesses understand the crucial importance of having a secure website. To keep their data, and their customers' data, safe from hackers, they scan their web applications and web services for vulnerabilities, detecting and fixing them before malicious attackers find them. Many others, unfortunately, are doing little or nothing in terms of website security, mainly because they think that their website is not a target. Others think security vendors are merely scaremongering. So, are we scaremongering or raising awareness? Is it true that insecure websites have a direct impact on the revenue of a business?

We Surveyed Consumers About Website Security

Black Friday, Cyber Monday and the festive season, a period closely associated with food and shopping, are just a few days away. The vast majority of the respondents (84.6%) said that they do some of their shopping online. What's more, 45% of respondents revealed that over 50% of their shopping is done online. That’s a lot of online shopping!

Consumers’ Concerns When Shopping Online

In our survey, we asked respondents whether they had any concerns about the security of the online shops they buy from. Here are...