20210917_VNCS Netsparker by Invicti


Netsparker by Invicti

Why You Need to Use DAST in Your SDLC?


Speakers

Suyan Zou
Senior Partner Account Manager

Juan Gonzalez
Channel Account Executive APAC

Mark Schembri
Solutions Engineer Team Lead
Agenda

1 About Invicti

2 Netsparker Product Overview

● Benefits of Integrating DAST into the SDLC


● Netsparker Standard & Enterprise

3 Netsparker Demo

4 Q&A
We Are The Leader In DAST
The Two Leading Dynamic Application Security Testing Firms Under One Roof

Automated and Scalable for Enterprise
Originated in 2009, Netsparker is the brainchild of Ferruh Mavituna, a well-known security expert. Netsparker focuses on absolute accuracy, and it achieves this with its proprietary Proof-Based Scanning™ technology.

Fast and User-Friendly for Nimble Teams
Pioneered on the island of Malta in 2005, Acunetix was the first automated web app security scanner and is regarded as one of the most innovative products in web security. Its unique scanning engine is known for its speed & accuracy.
Partner Portal
Invicti Security

● Created in 2018 merger of Acunetix (Est. 2005) and Netsparker (Est. 2009)
● Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) technology
● 100% subscription software
● Flexible Deployment model
○ On-premise
○ Private Cloud
○ Public Cloud
○ Hybrid

115 countries
>50% YoY Growth
> 625K web apps scanned
>140% Net Retention In Enterprise
3,400+ Customers
300+ Employees
Customers’ Choice

Highest percentage of 5 star reviews for any application security testing tool in Gartner Peer Insights

95% of respondents were willing to recommend Acunetix

4.9/5 for product capabilities, the highest of any tool

[Figure: Gartner Peer Insights quadrant chart. Axes: Overall Rating (≥ 4.6 Market Rating / < 4.6 Market Rating) and Review Coverage (Low Review Coverage / High Review Coverage). Starred (★) vendors: Acunetix, Checkmarx, Contrast Security, Netsparker, PortSwigger, Veracode. Other vendor labels on the chart: CAST, GitLab, GrammaTech, ImmuniWeb, Micro Focus, Qualys, Rapid7, Synopsys, WhiteHat Security. Vendors are sorted alphabetically.]
Invicti Security in Vietnam

Partnership with

● Entered market: since 2009
● Resellers: 70+
● Customers: 200+
● Web apps scanned: 2K+
Frequent questions or concerns:

● How do you gain confidence that you have assessed your entire
attack surface?

● Can you reduce manual tasks while maintaining confidence?

● How do you bridge the gap between security and development?

● Is it possible to maintain security with continuous deployment?


Product Overview
Netsparker
By Juan Gonzalez
A single platform for all of
your web security needs

Check the state of security for all of your


Web Applications, Web Services & APIs

A complete solution to address all your


organization’s web security needs
What is Netsparker?

Netsparker is an automated, yet fully configurable, web application security scanner that enables you to scan websites, web applications and web services, and identify security flaws.

Netsparker can scan all types of web applications, regardless of the platform or the language with which they are built.

Netsparker is the only online web application security scanner that automatically exploits identified vulnerabilities in a read-only and safe way, in order to confirm identified issues.
Netsparker by Invicti
Target Customer Type: Enterprise companies

● True Accuracy & Automation with Proof Based Scanning


● Most robust set of integrations - including development tools and user
environments like SSO
● Flexible deployment (on-demand, on-prem, private cloud etc.)
● Features focused on scaling and automation
● Can accommodate the largest number of targets
● Modular roles and teams to support any organization structure
● IAST for pinpoint accuracy and complete coverage
● SCA coming soon
Key Technologies

● Accuracy: Find real vulnerabilities
● Automation: Reduce manual intervention to share results
● Coverage: Find the most types of vulnerabilities
● Scalability: Secure more websites with fewer people
● Visibility: Insight into web applications and developer actions
Key Technologies

● Proof-Based Scanning: Some vulnerabilities can be exploited manually or used to generate a Proof of Concept.
● Proof of Concept: It is the actual exploit that proves that the vulnerability exists.
● Proof of Exploit: It is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited.
● Scan Policies: Determine and specify the type, range, and targets of your scan according to your needs.
Benefits of Integrating DAST into the SDLC

The SDLC (Software Development Life Cycle) defines all the processes that need to be included in the lifecycle, from coding all the way to having something tangible that can be used.

1. Save time
2. Streamlining
3. Enforcing
4. Better planning
5. Better execution
Netsparker

Standard:
● It is an on-premises desktop web vulnerability scanner.
● Pre-scan and post-scan automation in one tool
● SMB business

Enterprise:
● It is a scalable, multi-user web application security solution.
● Vulnerabilities with our unique dynamic + interactive (DAST + IAST) scanning approach.
● Large-enterprise business

| Feature | Standard | Enterprise |
|---|---|---|
| Delivery | Desktop Application | Hosted or On-Premises |
| Websites | 20 max | 50+ |
| User Interface | Windows Software | Windows Software, Fully Responsive Web Dashboard (including mobile support) |
| API Access | √ (command line) | √ (REST API) |
| Reporting and Reports | √ | √ |
| Custom Integrations | - | √ |
| Dedicated Tech Support | - | √ |
| Multi-user platform | - | √ |
| Dashboards | - | √ |
Road to secure your organization

Step 1: Discover all your assets
Step 2: Detect vulnerabilities
Step 3: Address vulnerabilities
Step 4: Integrate in SDLC
Step 5: Continuously scan
Why to use our solutions? Netsparker

Improved Security Posture
● Gain a better understanding of your entire existing attack surface
● With Netsparker, you can be confident that you always have an accurate picture of your entire web environment

Visibility and Reporting
● Clear, actionable dashboards and trend charts show both the current vulnerability status and the progress your security and development teams are making

Operational Efficiencies
● Automatically confirm issues that come up by using Netsparker Proof-Based Scanning
● Automatically assign confirmed vulnerabilities to specific developers
● Focus on vulnerabilities that really need human expertise!
● Achieve measurable security improvements and reduced costs with a short time to value
Demo
By Mark Schembri
Thank you for trusting
Invicti.
Suyan Zou
Senior Partner Account Manager
suyan.zou@invicti.com
