What is a Controlled Web Security Scan?
The controlled scan feature in Netsparker Desktop allows you to scan a single page or parameter with a selected set of vulnerability checks, rather than running the full check set against the whole application. A controlled scan can be launched during or after an automated web vulnerability scan, though it is mostly used when crawling a web application manually or when using the Crawl and Wait feature.
As an example, this document explains how to scan a single parameter after automatically crawling a web application. The same concept applies to any type of scan.
Scanning a Single Parameter for Vulnerabilities on a Web Application
1. Crawl the Website
Once you launch Netsparker Desktop, specify the target URL in the Start a New Website or Web Service Scan dialogue and select Crawl and Wait from the drop-down menu of the Scan button.
When using this method the scanner only crawls the website; it does not send attack payloads and reports only issues that are noticed passively during the crawl, such as credentials being sent in clear text.
2. Select the Parameter to Scan
Once the web application has been crawled (or even before the crawl finishes), find the page or parameter that you would like to scan in the Sitemap, right-click it and select Controlled Scan.
3. Configure and Launch the Controlled Scan
Once the controlled scan interface is launched you can select which types of vulnerability checks to run, so only the checks relevant to that input are sent. If the selected page has multiple parameters, you can also choose which of them should be tested; the others keep the values recorded during the crawl. Once ready, click the Scan button to launch the controlled scan.
If vulnerabilities are found during the controlled scan, they are reported like any other vulnerability: they are added to the list of Issues in the bottom window and also listed under the vulnerable file in the Sitemap, as shown in the screenshot below.
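The following script is an added illustration of what the three steps above amount to, not Netsparker's own code. It assumes a constructed target: a tiny HTTP application started in a background thread whose /search page reflects the q parameter unencoded and echoes a fake SQL error when id contains a quote, while lang is handled safely. The scanner takes the parameter values recorded during a "crawl" as a baseline, sends only the selected checks (here a reflected-XSS marker and a single-quote SQL-error check) against one chosen parameter, and a retest replays one finding's request to see whether it still triggers.

```python
"""Illustration of a controlled, single-parameter scan (added example).

Constructed target: /search reflects 'q' unencoded and leaks a fake SQL error
when 'id' contains a quote; 'lang' is handled safely. The scanner tests ONE
parameter with ONLY the selected checks, and a retest replays a single finding.
"""
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

STATE = {"fixed": False}  # flip to True to simulate the developer's fix


class VulnerableHandler(BaseHTTPRequestHandler):
    """Constructed vulnerable application, not a real product."""

    def do_GET(self):
        params = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        q = params.get("q", [""])[0]
        ident = params.get("id", [""])[0]
        if "'" in ident and not STATE["fixed"]:
            body = "You have an error in your SQL syntax near '%s'" % ident
        else:
            shown = html.escape(q) if STATE["fixed"] else q  # unencoded until fixed
            body = "<p>Results for: %s</p>" % shown
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence request logging
        pass


# Each check: payload injected into the target parameter and how a hit is recognised.
CHECKS = {
    "xss": ("<ctrlscan-marker>", lambda body, payload: payload in body),
    "sqli": ("'", lambda body, payload: "error in your SQL syntax" in body),
}


def fetch(url):
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("utf-8", errors="replace")


def controlled_scan(base_url, path, baseline, target_param, selected_checks):
    """Send each selected check against target_param only; the other parameters
    keep the values seen during the crawl. Returns a list of findings."""
    findings = []
    for name in selected_checks:
        payload, detect = CHECKS[name]
        params = dict(baseline)
        params[target_param] = payload
        url = base_url + path + "?" + urllib.parse.urlencode(params)
        if detect(fetch(url), payload):
            findings.append({"check": name, "parameter": target_param, "url": url})
    return findings


def retest(finding):
    """Replay one finding's exact request; True means it still triggers."""
    payload, detect = CHECKS[finding["check"]]
    return detect(fetch(finding["url"]), payload)


def demo():
    server = HTTPServer(("127.0.0.1", 0), VulnerableHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    baseline = {"q": "apple", "id": "1", "lang": "en"}  # values seen during the crawl
    try:
        results = {}
        for param in ("q", "id", "lang"):
            hits = controlled_scan(base, "/search", baseline, param, ["xss", "sqli"])
            results[param] = [f["check"] for f in hits]
        xss = controlled_scan(base, "/search", baseline, "q", ["xss"])[0]
        results["retest_before_fix"] = retest(xss)
        STATE["fixed"] = True  # developer encodes output; retest should now pass
        results["retest_after_fix"] = retest(xss)
        STATE["fixed"] = False
        return results
    finally:
        server.shutdown()


if __name__ == "__main__":
    print(demo())
```

Running it reports xss for q, sqli for id and nothing for lang, and the retest of the q finding goes from True to False once the simulated fix is in place. The point to take from the design is that a controlled scan changes exactly one input per request and keeps the crawled values for everything else, which is why it is cheap enough to run repeatedly against a single parameter while the rest of the crawl is still in progress.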
Retesting a Single Vulnerability
On the same subject, if you would like to retest a single reported vulnerability, find it in the Sitemap or in the list of Issues and select Retest, as shown in the screenshot below. Should the vulnerability have been fixed, it is shown struck through. Note that a retest only replays the request that originally triggered the issue; it does not re-examine the rest of the page or parameter, so run a new controlled scan if the fix may have changed how the input is handled.