The Proof-Based Scanning™ Technology in Netsparker Web Vulnerability Scanners

Category: Product Docs & FAQS - Last Updated: Mon, 17 Dec 2018 - by Robert Abela

By automating most of the post-scan procedures with Netsparker's Proof-Based ScanningTM technology, you will have more time to fix the identified vulnerabilities and can leave the office on time.

The Netsparker web application security scanner is the first and only solution that automatically exploits the vulnerabilities it identifies during a web vulnerability scan. This Proof-Based ScanningTM technology is what sets the Netsparker security solution apart from the competition, and what enables it to generate dead accurate scan results.

Watch the video below for an introduction to the exclusive Proof-Based ScanningTM technology and read this document for a more detailed explanation of how this technology works, and how it helps you automate most of the tedious and difficult post-scan task of verifying the identified vulnerabilities.

If it is Exploitable, it is not a False Positive

If a vulnerability can be exploited, it is not a false positive. That's definitely not arguable. The auto-exploitation technology is built on this concept; Netsparker finds a vulnerability and it automatically exploits it. By exploiting it, it confirms it is not a false positive. And when the web application security scanning solution confirms a vulnerability, it will be marked as confirmed, as highlighted in the below screenshot.

Automatically Generating a Proof of the Identified Web Vulnerability

This is where it gets interesting; Netsparker does not just automatically exploit and confirm an identified vulnerability. It also proves that the vulnerability exists by generating either a Proof of Concept or a Proof of Exploit.

Proof of Exploit vs Proof of Concept

Netsparker will either generate a proof of exploit or a proof of concept, depending on the type of the identified vulnerability.

Proof of Concept

A proof of concept is the actual exploit that can be used to prove that the vulnerability exists. For example in case of a cross-site scripting (XSS) vulnerability Netsparker generates a HTML code snippet that when executed it will exploit the identified XSS. A proof of concept can be used to demonstrate and reproduce the vulnerability to a developer, giving them a quick insight about how the attacker can exploit the vulnerability.

Below is a screenshot of a reported cross-site scripting vulnerability. Notice the Proof URL, in which Netsparker reports the URL that is used to exploit the identified vulnerability.

Netsparker Cloud reports an identified XSS vulnerability, including the proof URL (PoC)

Proof of Exploit

A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, highlighting the impact an exploited vulnerability can have. For example in case Netsparker identifies a SQL Injection vulnerability, they will extract data about the database and its setup as shown in the below screenshot.

SQL Injection Proof of Exploit

The Netsparker web security solution can generate a proof of exploit when it identifies any of the below vulnerability types:


Benefits of Proof-Based ScanningTM Technology

The benefits of automating the post-scan process of manually verifying the findings with the Proof-Based ScanningTM technology are multifold. Just to mention a few:

  • You do not have to manually verify the vulnerabilities the scanners found, thus saving precious time that you can use to fix the reported security flaws instead.
  • You do not have to be a seasoned security professional to use Netsparker and do a complete web application security check. The results are automatically confirmed for you, so there is no need to know how to reproduce the findings.
  • You can assign the web application vulnerability scanning to less technical team members and let the developers focus on what they do best; write code.
  • The process of finding vulnerabilities in web applications will cost less since you can assign the scanning tasks to less technical people and it takes less time.
  • As a QA you won't have to prove to the developers that there is a vulnerability in their code. Sounds familiar doesn't it?
  • As a developer or service provider you do not need to convince your superiors or customers to fix the issues. Just show them the proof and impact, and they will give you the go ahead!

Is Proof-Based ScanningTM Technology Safe?

Yes, it is. The Netsparker web security scanning solution only tries to exploit a vulnerability in a safe and read only manner. For example, when exploiting a SQL injection vulnerability and generating a proof of exploit for it, it will only read data from the database and server. It will not write or delete data from the database.


Keep up with the latest web security
content with weekly updates.