N-Stalker Web Application Security Scanner
Strengths: Pinpoint web application security scanner.
Weaknesses: A little pricey for just one URL.
Verdict: A good product, but most economical for multiple URLs.
Summary: The N-Stalker Web Application Security Scanner assesses a web application against a wide range of vulnerabilities at both the application layer and the infrastructure layer. Scans for the application layer are based on the Open Web Application Security Project (OWASP) Top 10 and Common Weakness Enumeration (CWE) Top 25. Scans against the infrastructure layer include more than 35,000 signatures for server and third-party packages.
This product was quite easy to install, but a little tricky to use. The installation took just a few minutes and was guided by a short setup wizard. After the application is installed, everything is run from the N-Stalker application. This application has a clean, organized look, but can be a bit overwhelming at first. This product has a lot of options that can be configured, so we had to spend a few minutes getting familiar with the console.
Scans, however, are easy to run. Clicking the New Scan button opens up the scanning wizard, which guides users through setting up the scan. This wizard allows for options to be configured, such as choosing the target and optimizing settings to deal with authentication and false positives.
During a scan, the Web Application Security Scanner must send browser-like traffic toward the target, but it does not rely on any external applications. All this is done through the single standalone application.
Documentation includes a single PDF user guide, which covers the entire product from installation through use of features and advanced configuration. This manual includes many screenshots, configuration examples and step-by-step instructions.
N-Stalker offers phone, email and web ticketing technical support eight hours a day, five days a week, included in the purchase price of the product. There is also a large support area available on the website, which includes resources such as a knowledge base, user forum, blog area and technical documentation.
At a price starting at just under $1,400 for one URL, this product is quite pricey, but it does offer some significant testing ability. Depending on the size of the environment, there is also an option for unlimited URLs at a price of $6,300. We find this product offers a comprehensive set of features and is a good value for the money.