Netsparker adds depth to web application security testing with new module.
Invicti Security, a global leader in web application security, has announced that it has added Interactive Application Security Testing (IAST) capabilities to Netsparker, its award-winning web application security scanner.
The IAST sensor works hand-in-hand with Netsparker’s Dynamic Application Security Testing (DAST) solution to provide deeper insights into runtime issues and to identify and test local assets that crawlers can’t see.
Recent research by IBM Security estimates the average cost of a data breach to be US$3.86 million, with the average time to identify and contain one reaching 280 days. To be effective, modern web application security testing must combine the widest possible test coverage with the accuracy required to efficiently isolate and resolve vulnerabilities. Netsparker’s combined dynamic and interactive (DAST + IAST) approach to scanning provides customers with three key benefits:
- More complete scanning: IAST sensors inspect the application ‘from the inside’ and scan parts of the application that a DAST scanner alone could not see
- Additional verification: DAST + IAST scanning analyzes the application’s runtime behavior to provide additional confirmation of vulnerabilities for directly actionable results
- Better insight for remediation: IAST scanning can provide line-of-code level details on where vulnerabilities exist, so developers and security pros can address them more quickly and with less manual effort
“Adding IAST to Netsparker means that this solution now provides even more actionable results to dev teams so they can remediate vulnerabilities,” said Ferruh Mavituna, Founder of Netsparker and CEO of Invicti Security. “Runtime insights extend an organization’s ability to confidently automate application security testing so they can scale their security operations.”
IAST provides more detailed information about vulnerabilities and possible attack payloads, which enables security engineers and Netsparker itself to triage issues faster and more accurately. The insights provided by IAST also help bring developers closer to security with a deeper understanding of security issues in their code.
“Adding the extra vulnerability details from IAST to our existing Proof-Based Scanning changes the dynamics of application security testing, and we’re getting great feedback from customers,” said Mike Mattos, Invicti Security Senior Vice President of Customer Success. “This is another advancement in Netsparker’s approach to helping developers and security teams work more effectively together to improve an organization’s security posture.”
Combined with the right internal organization and workflows, Netsparker can be set up and used as a fully automated application security platform, allowing companies to shift the entire vulnerability resolution process to the development level.
This new capability expands Invicti Security’s offering across its product portfolio and was developed with the help of the same team that originally created one of the first commercial IAST implementations nearly a decade ago in Acunetix, another Invicti Security product.
Additional details about Netsparker DAST + IAST can be found in this white paper or with a product demo.