The Netsparker web application security scanners are the first and only scanners that automatically exploit the vulnerabilities they identify during a web vulnerability scan. This Proof-Based Scanning technology is what sets the Netsparker scanners apart from the competition, and what enables both scanners to generate dead-accurate scan results.
You can watch the video below for an introduction to Proof-Based Scanning, or read on for a more detailed explanation of how the technology works and how it automates most of the tedious, and sometimes difficult, post-scan task of verifying the identified vulnerabilities.
If a vulnerability can be exploited, it is not a false positive. That is not open to debate, and the auto-exploitation technology is built on it: Netsparker finds a vulnerability and then exploits it automatically, and a successful exploit confirms that the finding is not a false positive. When either Netsparker Desktop or the online web application security scanner Netsparker Cloud confirms a vulnerability, it is marked as confirmed, as shown in the screenshot below.
This is where it gets interesting: the Netsparker scanners do not just automatically exploit and confirm an identified vulnerability. They also prove that the vulnerability exists by generating either a Proof of Concept or a Proof of Exploit.
Which of the two the scanners generate depends on the type of vulnerability identified. Below is an explanation of what each is and for which vulnerabilities the scanners generate it.
A proof of concept is the actual exploit that demonstrates the vulnerability exists. For example, for a cross-site scripting (XSS) vulnerability, Netsparker generates an HTML snippet which, when loaded, exploits the identified XSS. A proof of concept can be used to demonstrate and reproduce the vulnerability for a developer, giving quick insight into how an attacker could use it.
Below is a screenshot of a cross-site scripting vulnerability reported in Netsparker Cloud. Notice the Proof URL, in which Netsparker reports the URL used to exploit the identified vulnerability.
A proof of exploit reports the data that can be extracted from the vulnerable target once the vulnerability is exploited, highlighting the impact an exploited vulnerability can have. For example, when the Netsparker scanners identify a SQL injection vulnerability, they extract data about the database and its setup, as shown in the screenshot below.
The Netsparker web vulnerability scanners can generate a proof of exploit when they identify any of the below vulnerability types:
The benefits of automating the post-scan verification process with Proof-Based Scanning are manifold. To mention just a few:
Yes, it is safe. The Netsparker web vulnerability scanners only try to exploit a vulnerability in a safe, read-only manner. For example, when exploiting a SQL injection vulnerability to generate a proof of exploit, they only read data from the database and server; they never write to or delete data from the database.
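As an added illustration, not Netsparker's code, of the confirm-then-prove flow described above for cross-site scripting (proof of concept), SQL injection (proof of exploit) and read-only exploitation: the Python below places a deliberately vulnerable lookup and page beside their hardened forms, all constructed in-process (an in-memory SQLite database and two plain functions standing in for HTTP endpoints, both assumptions for this example), confirms each issue with a random canary, and then, for SQL injection, extracts the database version with a plain SELECT that leaves the stored data untouched.

```python
# Added illustration of proof-based confirmation; this is not Netsparker's code.
# The "applications" below are constructed in-process stand-ins for a web app:
# a SQL lookup built by string concatenation and a page that reflects a query
# parameter. The proof routines exploit them the way the text describes: a
# canary-based confirmation first, then a read-only proof (SQLi) or a reusable
# proof-of-concept payload (XSS). Nothing here touches the network.
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with a two-row products table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)", [("Lamp",), ("Chair",)])
    db.commit()
    return db


def row_count(db: sqlite3.Connection) -> int:
    """Used to show that a proof of exploit leaves the data untouched."""
    return db.execute("SELECT COUNT(*) FROM products").fetchone()[0]


def vulnerable_lookup(db: sqlite3.Connection, product_id: str) -> list:
    """Deliberately vulnerable: the parameter is concatenated into the query."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in db.execute(sql).fetchall()]


def safe_lookup(db: sqlite3.Connection, product_id: str) -> list:
    """Hardened form: a bound parameter, so the input can only ever be an id."""
    try:
        bound = int(product_id)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM products WHERE id = ?", (bound,)).fetchall()
    return [row[0] for row in rows]


def vulnerable_page(q: str) -> str:
    """Deliberately vulnerable: the search term is reflected unencoded."""
    return f"<h1>Results for {q}</h1>"


def safe_page(q: str) -> str:
    """Hardened form: HTML-encode the term before reflecting it."""
    return f"<h1>Results for {html.escape(q)}</h1>"


def prove_sqli(lookup, db: sqlite3.Connection):
    """Proof of exploit for SQL injection.

    Returns the database version string read through the injection, or None
    if the injection cannot be exploited. Both queries are plain SELECTs: the
    proof reads from the database and never writes to it.
    """
    # Step 1, confirmation: only an injected SELECT can make the lookup return a
    # value that does not exist in the table. A random canary rules out a
    # coincidental match, which is what separates a proof from a guess.
    canary = secrets.token_hex(8)
    if lookup(db, f"0 UNION SELECT '{canary}'") != [canary]:
        return None
    # Step 2, proof of exploit: read something the attacker could not know
    # without the injection (the engine version, standing in for the text's
    # "data about the database and its setup").
    return lookup(db, "0 UNION SELECT sqlite_version()")[0]


def prove_xss(render):
    """Proof of concept for reflected cross-site scripting.

    Returns a payload that the page reflects verbatim, so a developer can
    reproduce the issue by supplying it, or None when the page encodes it.
    """
    canary = secrets.token_hex(4)
    payload = f"</h1><script>alert('{canary}')</script>"
    # A substring check is enough for this stand-in: the canary makes an
    # accidental match impossible, and html.escape() rewrites <, > and the quote.
    return payload if payload in render(payload) else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable_lookup:", prove_sqli(vulnerable_lookup, db))  # version string
    print("safe_lookup:     ", prove_sqli(safe_lookup, db))        # None
    print("rows after proof:", row_count(db))                       # still 2
    print("vulnerable_page: ", prove_xss(vulnerable_page))          # the payload
    print("safe_page:       ", prove_xss(safe_page))                # None
```

The two-step shape is the point: the canary query answers "is this exploitable?" with no room for a pattern-matching false positive, and only once that holds does the routine read anything from the target. A real scanner has to parse the response to decide which HTML or SQL context the payload landed in; the substring check here is a simplification for the in-process stand-in.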