Believe me when I say that we’ve used a lot of tools. We love scripts, and we love things that free up our time to do the real analysis on a web application assessment. We have used w3af, nikto, Grendel Scan, etc. We are really happy to see a new tool we have used in its pro version incarnation: Netsparker.
Netsparker announced today that it is releasing a community edition, lacking only a few features of the pro version. We highly appreciate this, especially its “free as in beer” type release. Yes, it’s Windows-only, but we can forgive that for a moment 😉
Why is Netsparker valuable?
- It beats AppScan and WebInspect in injection tests most of the time
- Its spider is fast and furious
- Its configuration vulnerability database is up to date
- Its remediation advice is sound and technical
- It very rarely has false positives, and initial testing also shows low false negative results
CE doesn’t include some exploitation features and certain categories of command injection, RFI, etc. Despite that, it’s still a great tool to add to your utility belt, and we recommend adding it to your security regimen for web applications =)
Check out the https://www.mavitunasecurity.com/pricing/ page to see the difference between pro and CE.