The Netsparker Web Application #Security #Scanners employ a unique and dead-accurate vulnerability scanning technology that automatically verifies vulnerabilities by producing a proof of exploit.
Discover how Netsparker finds security flaws in websites, applications and services and protects the whole system in 3 clicks.
Softprom by ERC is the official value-added #distributor of #Netsparker in Europe.
5. 03/02, 17/03, 12/04, 21/05, 07/06
Prowli Malware Operation Infected Over 40,000 Servers, Modems, and IoT Devices
58% of Botnet Malware Infections Last Under a Day
New VPNFilter plugins
Over 65,000 Home Routers Are Proxying Bad Traffic for Botnets, APTs
Cisco Smart Install Client
6. WHY DOES IT MATTER?
Security risks >> web apps & networks to which they are connected.
>> web applications = the most serious sources of security risk.
The web, by design, opens a window between your network and the world.
Vulnerabilities do not come from web app development only; they often come from general security issues, wrong configurations, weak administration and a plain lack of awareness among IT/ITS staff.
7. NETWORK FIREWALL / SCANNER
Myth#1
To protect the web app, we have a Network Firewall / UTM and a Network Security Scanner
8. WEB APPLICATION FIREWALL
A WAF can’t solve web-app security flaws; it only blocks some KNOWN requests (using patterns/signatures).
A WAF is only as good as its administrator: people remain the weakest part of the solution.
A WAF is just software or an appliance that has to be configured and trained constantly.
It makes sense to use a WAF after a vulnerability / security assessment by an automatic web scanner.
9. WEB SECURITY
There are two roads to excellent security:
1. Old way
- Stay constantly alert to new security issues (concept?)
- Ensure all patches and updates are applied at once (sure, but)
- Have all of your existing applications reviewed for correct security (is it possible?)
- Let only security-knowledgeable programmers work on your site (how to evaluate?)
- Have their work checked carefully by security professionals (developer vs security)
- Maintain FWs, AVs, IPSs (what for?) and so on.
2. New way: use a web app sec scanner to see if vulnerabilities actually exist
- simple logic to lock the front door.
>> far more effective to repair a half dozen actual risks than to leave them in place and try to build higher and higher walls around them. And this also led to the birth of a new and young industry …
10. MANUALLY / SAST OR DAST?
Your site is 1,000 times more likely to be attacked with a known exploit than an unknown one. And the reason behind this is simple: There are so many known exploits and the complexity of web servers and web sites is so great that the chances are good that one of the known vulnerabilities will be present and allow an attacker access to your site.
21. 2. PEN-TEST SERVICE
Avg pen-test price is 1,000 – 4,000 USD
100% accuracy and no false positives >> high results
Netsparker pricing >> NO EXTRA COSTS
Checking web-sites >> PER SCAN FEE
[Diagram labels: Netsparker, Partner, Customer, Discount, Fees]
24. COMPANY SNAPSHOT
Netsparker develops a dead-accurate web application security scanner that helps businesses automatically detect vulnerabilities in web apps as quickly and efficiently as possible.
Netsparker was founded in 2009 and is still led by Ferruh Mavituna, a penetration tester himself.
45%+ average annual growth
1,500+ customers in 66 countries
Fortune 500 customers
50+ employees in 6 countries
200 zero-day vulnerability advisories published
1,500,000+ Netsparker downloads since 2010.