Scanner: Netsparker Community Edition
Version: 3.1.6.0
Vendor: Netsparker Ltd

Tested Against WAVSEP Version:
1.5

Product Details:
Accurate Version: 3.1.6.0 (GA)
License / Technology: Freeware / .Net 3.5
Last Update: 03-12-2013
Source Code Activity: (none listed)

General Features:
Config: Very Simple | Usage: Very Simple | Stability: Stable | Performance: Very Fast
(GUI, Report, Scan Log, Pause and Session are rated by icon in the original table)

Authentication, Control and Connection Features:
Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param
(support for each feature is marked by icon in the original table)

Coverage Features:
COUNT: 5
Manual Crawl | URL File | Html Crawler | Ajax Crawler | Flash Crawler | Applet Crawler | Silverlight Crawler | WSDL Crawler | REST Crawler | Field Autofill | Smart Autofill | Anti CSRF Support | Viewstate Support | CAPTCHA Bypass | WAF Bypass
(support for each feature is marked by icon in the original table)

Input Vector Support:
COUNT: 9
GET | POST | COOKIE | HEADER | SECRET | PName | XML | XmlATT | XmlTAG | JSON | .NetENC | AMF | JavaSER | .NetSER | WCF | WCF-Bin | WebSock | DWR | Custom
(support for each input vector is marked by icon in the original table)

Audit Features:
COUNT: 4
SQLi | BSQLi | SSJSi | RXSS | PXSS | DXSS | JSONh | LFI | RFI | CMDExec | UPLOAD | REDIRECT | CRLFi | LDAPi | XPATHi | MXi | SSI | FORMATi | CODEi | XMLi | ELi | BUFFERo | INTEGERo | CODEDisc | BACKUPf | PADDING | AUTHb | PRIVe | XXE | SESSION FIXATION | CSRF | ADoS
(support for each audit feature is marked by icon in the original table)

Complimentary Audit Features:
WebServer Hardening | CGI Scanning | Dir & File Enumeration | Passive Analysis | Additional Features
(support for each feature is marked by icon in the original table)

The SQL Injection Detection Accuracy of the Scanner:
72.06% Detection Rate (98/136)
30.00% False Positives (3/10)

The Reflected XSS Detection Accuracy of the Scanner:
78.79% Detection Rate (52/66)
0.00% False Positives (0/7)

The WIVET Score of the Scanner:
91.00% WIVET Score (input vector / crawling coverage)

Additional Audit Features:
In the free edition, the blind SQL injection feature is limited to boolean (binary) SQL injection. The current version of Netsparker CE does not report obsolete files (previous CE versions listed them but never verified them). Various passive checks are also embedded, including (among others): Password Transmitted over Query String, Password Transmitted over HTTP, Autocomplete Enabled, Web Server Version Disclosure, Viewstate Not Encrypted, Email Address Disclosure, Internal Path Disclosure (Windows/Unix), Internal Server Errors, Cookie not HttpOnly, and more.
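To make the passive checks listed above concrete, here is an added example (not Netsparker code, and not from the benchmark page) of a passive analyzer that inspects a single already-received HTTP response and raises the same classes of finding without sending any further request. The check names follow the list above; the regular expressions, the finding strings, the `passive_checks`/`viewstate_is_plaintext` function names and the sample response are this example's own constructions. The ViewState test relies on one fact worth knowing: an unencrypted ASP.NET `__VIEWSTATE` value is base64 of an ObjectStateFormatter stream that begins with the bytes `FF 01`, so a value that decodes to that marker was not encrypted.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Patterns are this example's own approximations of the checks named on the page.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
WIN_PATH_RE = re.compile(r"\b[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]*")
UNIX_PATH_RE = re.compile(r"(?<![\w/])/(?:var|home|usr|etc|opt|srv)/(?:[\w.-]+/)*[\w.-]+")


class _FormParser(HTMLParser):
    """Collects <form> elements (with their <input>s) and every named input."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self.inputs = {}   # name -> value, used to locate __VIEWSTATE
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # HTMLParser already lowercases names
        if tag == "form":
            self._cur = {"attrs": a, "inputs": []}
            self.forms.append(self._cur)
        elif tag == "input":
            if self._cur is not None:
                self._cur["inputs"].append(a)
            if "name" in a:
                self.inputs[a["name"]] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def _hdr(headers, name):
    # headers is a list of (name, value) pairs so repeated Set-Cookie headers survive.
    return [v for k, v in headers if k.lower() == name.lower()]


def viewstate_is_plaintext(value):
    """Unencrypted ViewState decodes to an ObjectStateFormatter stream starting FF 01."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, binascii.Error):
        return False
    return raw[:2] == b"\xff\x01"


def passive_checks(url, status, headers, body):
    """Return finding strings for one response; nothing is sent to the target."""
    findings = []
    parts = urlsplit(url)
    if any(re.search(r"pass|pwd", k, re.I) for k in parse_qs(parts.query)):
        findings.append("Password Transmitted over Query String")
    for v in _hdr(headers, "Server") + _hdr(headers, "X-Powered-By"):
        if re.search(r"\d+\.\d+", v):          # dotted version number, e.g. Apache/2.2.15
            findings.append("Web Server Version Disclosure: " + v)
    for v in _hdr(headers, "Set-Cookie"):
        name = v.split("=", 1)[0].strip()
        flags = {p.strip().split("=")[0].lower() for p in v.split(";")[1:]}
        if "httponly" not in flags:
            findings.append("Cookie Not HttpOnly: " + name)
    if status >= 500:
        findings.append("Internal Server Error: HTTP %d" % status)
    p = _FormParser()
    p.feed(body)
    for form in p.forms:
        pw = [i for i in form["inputs"] if i.get("type", "").lower() == "password"]
        if not pw:
            continue
        # A relative action inherits the page scheme; an absolute one carries its own.
        scheme = urlsplit(form["attrs"].get("action", "")).scheme or parts.scheme
        if scheme == "http":
            findings.append("Password Transmitted over HTTP")
        form_off = form["attrs"].get("autocomplete", "").lower() == "off"
        if not form_off and any(i.get("autocomplete", "").lower() != "off" for i in pw):
            findings.append("Autocomplete Enabled on Password Field")
    vs = p.inputs.get("__VIEWSTATE")
    if vs and viewstate_is_plaintext(vs):
        findings.append("ViewState Not Encrypted")
    for label, rx in (("Email Address Disclosure", EMAIL_RE),
                      ("Internal Path Disclosure (Windows)", WIN_PATH_RE),
                      ("Internal Path Disclosure (Unix)", UNIX_PATH_RE)):
        for m in sorted(set(rx.findall(body))):
            findings.append(label + ": " + m)
    return findings


# Constructed sample response (not captured from any real site); it trips most checks.
SAMPLE_URL = "http://app.example/login?user=bob&password=hunter2"
SAMPLE_STATUS = 500
SAMPLE_HEADERS = [
    ("Server", "Microsoft-IIS/7.5"),
    ("X-Powered-By", "ASP.NET"),
    ("Set-Cookie", "ASP.NET_SessionId=abc123; path=/"),
    ("Set-Cookie", "theme=dark; path=/; HttpOnly"),
]
SAMPLE_BODY = """<html><body>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="password">
  <input type="hidden" name="__VIEWSTATE" value="%s">
</form>
<p>Contact webmaster@app.example</p>
<pre>Exception at C:\\inetpub\\wwwroot\\App\\Login.aspx.cs</pre>
</body></html>""" % base64.b64encode(b"\xff\x01\x0f\x05\x01\x02").decode()

if __name__ == "__main__":
    for finding in passive_checks(SAMPLE_URL, SAMPLE_STATUS, SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Run against the constructed sample it reports nine findings (query-string password, IIS version, the session cookie without HttpOnly, the HTTP 500, the password form posting over plain HTTP, autocomplete left on, plaintext ViewState, the e-mail address and the Windows path); the second cookie, which carries HttpOnly, is correctly left alone. Because every check works on response data alone, the same logic can be run over a proxy's saved traffic, which is also why benchmark pages such as this one count passive analysis separately from active audit features: it adds findings without adding requests.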

Additional Features:
None

Overview:
Many features are reserved for the commercial version, but overall the tool is VERY user friendly and simple to use, and a tester can still get a lot out of running it in spite of the missing features.


Copyright © 2010-2016 by Shay Chen. All rights reserved.