Web security scanner Netsparker gets a thorough testing
Hunt tested the application by pointing it at a test site with "about 50 serious security vulnerabilities" and checking exactly what it managed to uncover.
Hunt praised Netsparker for its ease of use and for a level of detail that delivered "a great explanation that’s very easily legible" (the test report is available as a PDF if you’d like to check it out for yourself).
Unsurprisingly, the program missed a number of issues, particularly password-related ones, and the review breaks these down into 8 high-risk problems, 2 medium and 2 low.
Hunt concludes that Netsparker and similar tools can save you time, but they’re no magic bullet: you need to properly understand any highlighted vulnerabilities and how to close them correctly.
It’s a helpful review, and worth a read for anyone interested in automated web security testing. If you’d like to try Netsparker for yourself, a demo of the $1.95K/year full edition is available, and a more limited (though still useful) Netsparker Community Edition can be had for free.