SANS Top 25 Report

Oguz Kurumlu - Fri, 20 Mar 2020

The Netsparker web application security scanner incorporates several common industry vulnerability standards and protocols. The latest to be added in the Netsparker Standard 5.6 January 2020 Update is the SANS Top 25.


In the Netsparker Standard 5.6 January 2020 Update, we introduced a new SANS Top 25 Report.

The SANS Top 25 is a list of the most dangerous software errors in the Common Weakness Enumeration (CWE). These errors can result in severe vulnerabilities that allow attackers to steal data, completely take over applications, or prevent them from working at all.

The list is based on Common Vulnerabilities and Exposures (CVE) data, information from the National Vulnerability Database (NVD) and from the Common Vulnerability Scoring System (CVSS). Contributors come from across the software industry.

When creating a new scan in Netsparker Standard, you can select the SANS Top 25 Checks scan policy from the Scan Policy dropdown in the Start a New Website or Web Service Scan dialog. This ensures that Netsparker scans for these vulnerabilities.

Once a scan has been completed, SANS Top 25 issues are displayed in the SANS Top 25 Report.

For further information, see "What Errors Are Included in the Top 25 Software Errors?" and "Report Templates". For further information on other features in this release, see "Netsparker Standard 5.6 – January 2020 Update".