Frequently Asked Questions
License Questions
- » What is the best license to fit my needs ?
- N-Stalker provides the most flexible licensing model available for Web Security Scanners in the market.
You may choose to scan applications while in development stage (searching for custom errors only), deployment
stage (searching for common vulnerabilities in web servers and third-party packages) or
the complete model (searching for custom errors, web application exposures and web servers vulnerabilities).
These are QA, Infrastructure and Enterprise Edition respectively. Once profile is decided,
you will only have to choose the number of IPs you want.
- » What is the difference between Perpetual and Annual Subscription license ?
- Perpetual License, like the name says, it is meant for perpetual use, which means
you may maintain the installation even after your upgrade service is expired. It is ideal
for corporations that demand continuous assessment of their Web Applications. Annual
Subscription is a flexible license that allows you to use N-Stalker for a period of one (1)
year like a service. After subscription period is over, N-Stalker Scanner should be removed
from the installed machine otherwise service must be extended.
- » What is the difference between Corporate and Consultant Unlimited IP licenses ?
- Corporate Unlimited License allows you to scan Private IANA (rfc1918) IP blocks and those public IP blocks belonging to the company (whois
information may be used). Consultant Unlimited license does not have any restriction, allowing you to scan
the entire IP address space.
- » Can I run N-Stalker from multiple machines ?
- Yes, however they must not run simultanously. N-Stalker is shipped with a "remote control"
mechanism that allows customers to attach and detach license remotely. This feature gives the ability
to move license from one machine to another.
- » Do you provide discount for volume licenses ?
- Yes, of course. Please, contact us for volume discounts -- we have very
special discount values for volume licenses.
- » I'm a consultant and I would like to purchase a flexible license model. Do you have such ?
- Yes, it is called Consultant Unlimited License. You just have to choose your profile (QA, Infrastructure,
Enterprise Edition) and Consultant Unlimited License model. You will be able to scan the entire IP
address space (no restrictions) and move your license from one installation to another easily.
Technical Questions
- » Do you scan for Cross-site scripting and SQL injection ?
- Yes, our technology allows for OWASP Top10 recommendations and much more.
You will find the complete number of security checks here.
- » What about the 35,000 attack signatures database ?
- Yes, we are very proud of it. Not only we maintain a large number of custom error checks,
but you will also be able to scan your infrastructure against the well-known "N-Stealth(tm)
Web Attack Database", containing more than 35,000 signatures for web server and third-party
web packages vulnerabilities.
- » Do you support all features available in the HTTP protocol ?
- Yes, N-Stalker supports HTTP version 1.1 and enhances your scanning experience using
a proprietary engine (including SSL).
- » What are the supported authentication methods ?
- N-Stalker supports every available HTTP authentication method. It includes host authentication (including
proprietary Microsoft(c) NTLM mechanism and basic/digest), x509 client-side digital certificate and
even custom Web Form authentication (such as your custom login page).
- » I am absolutely a begginner on Web Application Security. Is it the right tool ?
- Yes. N-Stalker has two different approaches on usuability: "I'm not a security guru" and
"I'm a pen-tester pro". You can rely upon high level configuration or go deep into technical
details to verify your web application security status.
- » Do you support J2EE, Microsoft.NET(R), Microsoft(R) ASP, ColdFusion or PHP platforms ?
- Yes. Every known Web development platform is supported. From well-known commercial platforms
to more obscure frameworks such as LUA.
- » What kind of security checks are you able to do ?
- Check here for the entire list. Checks are split into different
editions so you may have an idea of the best tool for your task.
- » My application requires a custom navigation. Are you capable of spidering through it ?
- That's what we do better! N-Stalker can record a web session direct from your web browser,
replaying it against your Web Application, even custom interactions such as web form login.
- » My application is very complex. I have several reverse proxy Web Servers in the same URL, running different platforms. How do you handle that ?
- Our exclusive Component-oriented Web Application Security Assessment technology allows N-Stalker to
identify every distinct component within your Web Application, even reverse proxies that distributes
different platforms in the same application URL. N-Stalker will treat every component differently,
searching for common vulnerabilities for each particular platform.
- » Can we try it ?
- Sure you can! Please, try our free version to get to know more about
our scanning methods, however, you will not be able to run custom Web Applications checks such
as XSS and SQL injections. If you want to try the whole package,
contact us for an evaluation version.