This post documents the recent webinar series E-SPIN provides to customers and partners. The portion covering typically asked questions has been turned into Netsparker feature overview video walkthroughs that capture the essentials of the webinars and make them replayable for the rest of the audience who may find them helpful.
Invicti acquired both Acunetix and Netsparker three years back but let them run standalone until the end of 2020, when it decided to put the two product companies into a single company and consolidate resources. Netsparker will remain the product name for the time being, while moving forward the company will be known as Invicti (formerly Netsparker).
Video captured from the event and made replayable will be helpful for those who missed the event when it took place. Although you do not get the first-hand audience experience of those who attended, you can still get the essential content from those sections. It has already been cut and edited to be short and to the point, making it more user friendly for those who play the clip.
The session covered a Netsparker features overview. We log in to the Netsparker dashboard, which is already filled with scan results, so you can get an overall feel for the graphical user interface (GUI) in action. We walk through a few features in logical sequence.
First, from the Netsparker dashboard, we explain its main use case as a dynamic application security testing (DAST) tool.
This is followed by the website discovery feature, which lets you know exactly how many websites your enterprise has, including those that may be out of your control. From here, we show how to add entries from the list of suggestions as Netsparker targets. We also explain the application and services discovery settings you can use to fine-tune website discovery, such as excluding certain domains or subdomains.
Technologies detection is a feature that consolidates all the technologies detected in scan results, showing versions and out-of-date technologies in the dashboard, along with recent technologies, which you can filter and sort by parameter.
The session then moves to multi-group/user management. It showcases how to create a team member and all the options available to control groups and users by type and permission, and to assign them to one or multiple groups manually. How to add users to the system through single sign-on (SSO) is covered as well.
The next topic covered is Issues Management: how an issue is tracked, its history and activity log, and how to update it as fixed or false positive and add notes.
The last feature explained is Netsparker integration for SDLC/DevSecOps, covering a range of issue tracking systems, project management, communication, continuous integration / continuous delivery (CI/CD) systems, and the Netsparker API.
E-SPIN has been active in application security testing (AST) since 2005. In the AST domain alone, E-SPIN possesses the capability to provide an end-to-end, unified application security testing platform solution, from integration to point solutions for various use cases, such as dynamic application security testing (DAST), static application security testing (SAST), mobile application security testing (Mobile AST), software composition analysis (SCA), manual application security testing (MAST), and penetration testing to exploitation management. Besides this, E-SPIN possesses the capability to provide supply, consulting, integration, project management, training and maintenance support for infrastructure, network, wireless, datacenter, virtualization, container, cloud and host/system/server and services security testing. Feel free to contact E-SPIN for your project and operation requirements.