N-Stalker Web Application Security Scanner
Strengths: Pinpoint web application security scanner with a comprehensive set of features
Weaknesses: A little pricey for just one URL
Verdict: A good product, but most economical for multiple URLs
The N-Stalker Web Application Security Scanner assesses a web application against a wide range of vulnerabilities at both the application layer and the infrastructure layer. Scans for the application layer are based on the OWASP Top 10 and CWE Top 25. Scans against the infrastructure layer include more than 35,000 signatures for server and third-party packages.
This product was quite easy to install but a little tricky to use. The installation took a few minutes and was guided by a short setup wizard. After it is installed, everything is run from the N-Stalker application. This has a clean, organised look, but can be a bit overwhelming at first. It has a lot of options that can be configured, so we had to spend a few minutes getting familiar with the console.
Scans are easy to run. Clicking the New Scan button opens the scanning wizard, which guides the user through setting up the scan. The wizard allows options to be configured, such as choosing the target and optimising settings to deal with authentication and false positives. During a scan, the Web Application Security Scanner must send browser-like traffic towards the target, but it does not rely on any external applications: all of this is done through the single standalone application.
Documentation for the product includes a single PDF user guide that covers the entire product from installation through use of features to advanced configuration. It includes many screenshots, configuration examples and step-by-step instructions.
N-Stalker offers 8/5 phone, email and web ticketing technical support included in the purchase price of the product.
There is also a large support area available on the website, which includes resources such as a knowledgebase, user forum, blog area and technical documentation for the product.
At a price starting at £990 for one URL, the N-Stalker Web Application Security Scanner is quite pricey, but it does offer some significant testing ability. Depending on the size of the environment, there is also an option for unlimited URLs at a price of £4,460. It offers a comprehensive set of features and is good value for the money.