False positive free online web application security scanner from Netsparker
Netsparker launched their new enterprise online service offering Netsparker Cloud, which enables organizations to simultaneously scan hundreds and thousands of websites for vulnerabilities and security flaws. They can also organize web security scans and keep track of the security state of each individual website, web application and web service in the organization.
Netsparker Cloud is a web based service and is available 24/7. It allows users to launch new web security scans or check the progress and results of existing ones from anywhere with an internet connection.
Large organizations typically have hundreds and sometimes even thousands of web applications that are constantly used by their own employees, business partners and customers. Therefore it is impossible for the security team to audit each and every website individually. Many try to build their own in-house custom web application security scanning solutions, though most of them fail at it.
Such in-house solutions typically have a lot of shortcomings and introduce a lot of problems, hence leaving organizations exposed to malicious hack attacks, as can be seen every day on the news. The problem lies within these in-house built and highly customized solutions. Usually they are very difficult to use and not tested, thus making them very unreliable. The costs of building, running and managing them are also very high.
Netsparker Cloud is also a multi-user service allowing all developers, QA team, managers and security professionals from the same organization to login with their own user and collaborate on web application security projects.
The team can use the vulnerability management feature in Netsparker Cloud to assign open vulnerabilities to developers for fixing, similar to a bug tracking system. Once the developers fix the vulnerability Netsparker Cloud automatically rescans the target to confirm the fix the developers committed.
Netsparker Cloud has a web service based API that allows users to trigger web security scans and other actions remotely. The API allows organizations to easily integrate automated web application security scans at every stage of their SDLC (software development lifecycle) and in their development environment.