If you manage a website which holds anything more than basic personal details, then it’s vital to make sure it’s secure. There are plenty of free tools around which promise that they can help, but which ones really deliver?
Netsparker’s Community Edition is one popular solution, as it offers a strong core set of features with minimal restrictions (you can use it on as many sites as you like, for instance).
The program can quickly check your site for both error-based and boolean-based SQL injection issues, for example. It’s able to identify reflected and permanent/stored cross-site scripting problems, and can pick up a host of more general security flaws (cookie configuration, programming and database errors, information disclosure, robots.txt and Google Sitemap problems, and more).
How accurate is it? Shay Chen’s new security scanner group test offered some clues by pitting 60 commercial, free and open-source tools against each other. Netsparker’s Community Edition ranked 8th out of 38 in the (free tool) SQL Injection Detection Accuracy test, and managed 6th in the Reflected XSS Detection Accuracy benchmark, where the program performed considerably better than some big names (Nessus was 34th).
Not bad at all, then, and Netsparker does have additional advantages which weren’t covered in the tests: it scans quickly, is configurable, and is easy to use. Put it all together and it’s an appealing package. If you’re looking for a free Windows-based web security scanner, as a primary tool or a backup to another application, then Netsparker’s Community Edition has to be worth a try.