The Proof-BasedTM Scanning Technology in Netsparker Web Vulnerability Scanners

Category: Product Docs & FAQS - Last Updated: Tue, 10 May 2016 - by Robert Abela

By automating most of the post-scan procedures with Netsparker's Proof-Based ScanningTM technology, you will have more time to fix the identified vulnerabilities and can leave the office on time.

The Netsparker web application security scanners are the first and only scanners that automatically exploit the vulnerabilities they identify during a web vulnerability scan. This Proof-Based ScanningTM technology is what sets the Netsparker scanners apart from the competition, and what enables both scanners to generate dead accurate scan results.

You can watch the video below for an introduction to the unique Proof-Based ScanningTM technology or read this document for a more detailed explanation of how this technology works and how it helps you automate most of the tedious and sometimes difficult post-scan task of verifying the identified vulnerabilities.

If it is Exploitable, it is not a False Positive

If a vulnerability can be exploited, it is not a false positive. That's definitely not arguable. The auto-exploitation technology is built on this concept; Netsparker finds a vulnerability and it automatically exploits it. By exploiting it, it confirms it is not a false positive. And when either Netsparker Desktop or the online web application security scanner Netsparker Cloud confirm a vulnerability, it will be marked as seen in the below screenshot.

Automatically Generating a Proof of the Identified Web Vulnerability

This is where it gets interesting; the Netsparker scanners do not just automatically exploit and confirm an identified vulnerability. They also prove that the vulnerability exists by generating either a Proof of Concept or a Proof of Exploit.

Proof of Exploit vs Proof of Concept

Netsparker scanners will either generate a proof of exploit or a proof of concept depending on the type of the identified vulnerability. Below is an explanation of what both are and for which vulnerabilities the Netsparker scanners will generate them.

Proof of Concept

A proof of concept is the actual exploit that can be used to prove that the vulnerability exists. For example in case of a cross-site scripting (XSS) vulnerability Netsparker will generate an HTML code snippet that when run it will exploit the identified XSS. A proof of concept can be used to demonstrate and reproduce the vulnerability to a developer, thus giving a quick insight about how the attacker can use and exploit this vulnerability.

Below is a screenshot of a cross-site scripting vulnerability reported in Netsparker Cloud. Notice the Proof URL, in which Netsparker reports the URL that is used to exploit the identified vulnerability.

Netsparker Cloud reports an identified XSS vulnerability, including the proof URL (PoC)

Proof of Exploit

A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, highlighting the impact an exploited vulnerability can have. For example in case the Netsparker scanners identify a SQL Injection vulnerability, they will extract data about the database and its setup as shown in the below screenshot.

SQL Injection Proof of Exploit

The Netsparker web vulnerability scanners can generate a proof of exploit when they identify any of the below vulnerability types:


  • SQL Injection
  • Boolean SQL Injection
  • Blind SQL Injection
  • Command Injection
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Remote Code Evaluation
  • Remote Code Execution via Local File Inclusion

Benefits of Proof-Based ScanningTM Technology

The benefits of automating the post-scan process with the Proof-Based ScanningTM technology are multifold. Just to mention a few:

  • You do not have to manually verify the vulnerabilities the scanners found, thus saving precious time that you can use to fix the reported security flaws instead.
  • You do not have to be a seasoned security professional to use any of the Netsparker security scanners. The results are automatically confirmed for you, so there is no need to know how to reproduce the findings.
  • You can assign the web application vulnerability scanning to less technical people and let the developers focus on what they do best; write code.
  • The process of finding vulnerabilities in web applications will cost you less since you can assign the scanning tasks to less technical people.
  • As a QA you won't be sent back by the developers to prove that there is a vulnerability in their code. Sounds familiar doesn't it?
  • As a developer or service provider you do not need to convince your superior or customer to fix their issues. Just show them the proof and they will surely give you the go ahead!

Is Proof-Based ScanningTM Technology Safe?

Yes, it is. The Netsparker web vulnerability scanners will only try to exploit a vulnerability in a safe and read only manner. For example, when exploiting a SQL injection vulnerability and generating a proof of exploit for it, they will only try to read data from the database and server. The scanners will not try to write or delete data from the database.


Dead accurate, fast & easy-to-use Web Application Security Scanner