Netsparker

I like Netsparker because is very easy to use, but at the same time has a lot of options that allow an expert user to customize the level of scanning. Also make authenticated scan is very easy (several options are available). Report templates are different and cover all your needs.

When do concurrent scans it consumes a lot of resources.

UI is top-notch and easy to grok. It's highly efficient and customizable tool provide in depth reporting when you need it most. Support team is A+! Being able to generate multiple types of reports based on customer needs is quite useful.

Docs were a bit outdated or not easy to follow when we initially started using the product. Support has steadily been improving them and they look great now.

Netsparker comes with an automation API so it is possible to include it as part of a Continuous Integration / Continuous Deployment (CI/CD) system. It usually works but not always.

There is almost no documentation about how to use the product. You are expected to open a support ticket and ask how to do some of simplest things and it usually take a day to get a response back from support. Often the response is, "We don't support that", or "We don't have a sample that does that". I one time asked for .Net Framework sample code to pull a report from Netsparker and the answer I got was "Go toe the GUI and select these buttons. The report will download." The problem was I needed to download the reports problematically. Other times I asked for .Net samples and was given Python code. They are the same, correct?

While being easy to operate, it is flexible; offering diverse functions in vulnerability assessment from detecting basic vulnerabilities like out-of-date app versions to generating executive style reports of scan results.

It gets quite slow when testing for some vulnerabilities in larger URLs.