Using Netsparker Cloud Notifications to Be Instantly Alerted via Email and SMS

In the Netsparker Cloud web application security scanner, you can configure SMS and email notifications so you and your users can be notified instantly about the status of a web application security scan, or when specific vulnerabilities are identified on the web applications you are scanning.

When Should You Use the Notifications in Netsparker Cloud?

Not all web applications and vulnerabilities have the same criticality. The urgency of fixing a cross-site scripting (XSS) vulnerability on a staging website is different from that of a cross-site scripting vulnerability on a live website. The live website needs immediate attention because it is available to the public, and attackers can easily find such a vulnerability and exploit it.

On the other hand, finding vulnerabilities on a staging website is expected. After all, that is the purpose of having and scanning a staging website: to identify any possible vulnerabilities before the code is migrated to a live environment.

The email and SMS notifications in Netsparker Cloud allow you to be notified of urgent matters. For example, you can be notified via SMS when one or more critical vulnerabilities are identified on a live website. Configuring new SMS or email notifications is very easy, as explained in this article.

Configuring the Netsparker Users' Profile for the Notifications

The email address is mandatory for every Netsparker Cloud user, so by default Netsparker Cloud has the email address of every user. The phone number, however, needs to be added manually; once added, it is used by the system to send the SMS notifications.

Configuring the Phone Number

To configure the phone number for a Netsparker Cloud user, simply specify the phone number in the Phone Number field in the user's Account Settings page.

Configuring the phone number for a user in Netsparker Cloud

Proceed to confirm the phone number by clicking the Confirm button. The confirmation process requires you to enter a 6-digit code, which is automatically sent to the user's phone.

Configuring and Managing the Netsparker Cloud Notifications

Creating a new Email or SMS Notification Rule

To create a new SMS or email notification rule in Netsparker Cloud:

  1. Click the Notifications node in the left hand side menu and click on New Notification.
  2. Enter a name for the notification and ensure the status is Enabled.
  3. Select the Event from the drop down menu for which you would like to be notified. A notification can be sent when any of the below events happen:
    • New Scan
    • Scan Completed
    • Scan Failed
    • Scan Cancelled
    • Scheduled Scan Launch Failed

NOTE: When you select Scan Completed you also have to specify the lowest vulnerability severity level that should be identified for the email or SMS notification to be sent. For example, if you choose Important, the notification will ONLY be sent if the scan is complete and there is at least one vulnerability with Important or Critical severity, Critical being the higher severity.

  4. Select the Scope of the notification, which specifies whether the notification applies to a single website, a Website Group or any website being scanned in your Netsparker Cloud account.
  5. Specify who should be alerted via email, SMS, or both, and click Save to save the new notification.

Creating a new email or SMS notification rule in Netsparker Cloud

Managing Existing Notifications

You can see all the configured notifications from the Manage Notifications node. From this section you can Clone, Edit and Delete existing notifications.

Managing the email and SMS notifications in Netsparker Cloud

Managing Notifications Priorities

Netsparker Cloud notifications are grouped by their Event type and then they are prioritized by their Scope. Also, the latest added notification gets the highest priority. The priority of the scopes is as follows:

  • Single website scope
  • Website group scope
  • Any website scope

This means that when a new scan is started, Netsparker Cloud checks all the notifications for the New Scan event in the above mentioned order. So if, for example, a website is listed in both a New Scan single website scope notification and a New Scan website group scope notification, once the new scan starts the single website scope notification is triggered first and the website group scope notification is ignored. Refer to the chart below for a graphical explanation of the scope priorities.

Notifications are grouped by Event type and prioritized by Scope in Netsparker Cloud
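
The resolution order described above, modelled as an added example (not Netsparker's own code): the `Rule` class, its field names and the sample rules are assumptions made for illustration. It shows which rule fires for a website and which matching rules are ignored because a narrower scope takes precedence.

```python
from dataclasses import dataclass

# Scope priority as listed on the page: single website, website group, any website.
SCOPE_ORDER = {"website": 0, "group": 1, "any": 2}

@dataclass
class Rule:  # hypothetical model of a notification rule, not a Netsparker API type
    name: str
    event: str
    scope: str        # "website", "group" or "any"
    recipients: tuple
    added: int        # creation order; a higher number means added later
    target: str = ""  # website URL or group name; unused for "any"
    enabled: bool = True

def applies(rule, event, website, groups):
    """True if the rule is enabled, is for this event, and its scope covers the site."""
    if not rule.enabled or rule.event != event:  # assumption: disabled rules never match
        return False
    if rule.scope == "website":
        return rule.target == website
    if rule.scope == "group":
        return rule.target in groups
    return True  # "any" covers every website in the account

def resolve(rules, event, website, groups=()):
    """Return (winning_rule, ignored_rules) for one event on one website."""
    matches = [r for r in rules if applies(r, event, website, groups)]
    # Narrowest scope first; within a scope the latest added rule comes first
    # (the default order, before any manual drag-and-drop reordering).
    matches.sort(key=lambda r: (SCOPE_ORDER[r.scope], -r.added))
    return (matches[0], matches[1:]) if matches else (None, [])

# Constructed sample rule set (names, sites and recipients are made up).
RULES = [
    Rule("All sites", "New Scan", "any", ("secops@example.com",), added=1),
    Rule("Production SMS", "New Scan", "group", ("sms:on-call",), added=2, target="Production"),
    Rule("Shop dev lead", "New Scan", "website", ("dev-lead@example.com",), added=3,
         target="https://shop.example.com"),
]

if __name__ == "__main__":
    winner, ignored = resolve(RULES, "New Scan", "https://shop.example.com", ("Production",))
    print("fires:  ", winner.name, winner.recipients)
    for r in ignored:
        print("ignored:", r.name, r.recipients)
```

In this sample the on-call SMS rule for the Production group never fires for the shop website, because the single website rule wins; listing the ignored rules makes that kind of shadowing visible when reviewing a rule set.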

To change the priority of a notification within its group, click the Manage Priorities node from the left hand side menu and select the Event for which you would like to see the notifications. You can also filter the results by specifying the name of a website or a website group in the Website or Website Group input field.

For example in the screenshot below you can see all the notifications that are triggered during the New Scan event.

Configuring the notifications priority in Netsparker Cloud

Drag and drop any of the notifications to change their priority.

Testing the Notifications

Ensuring that the notifications work is very important, especially if you are using them to be notified of possible critical vulnerabilities on a live web application. You can do a dry run and test the notifications from the Test Notification node in the Notifications menu. To test a notification:

  1. Select the event from the Event drop down menu.
  2. To test the notification for a Website Group enable the Group Scan button and select the group from the Website Group drop down menu.
  3. To test the notification for a single website, simply select the website from the Website drop down menu.
  4. Select the user for which you would like to test the notification from the User drop down menu and click Test.

Configuring a dry run test for email and SMS notifications in Netsparker Cloud

Once a dry run of the notification is complete, the results will highlight the matching rule and the recipients who will be emailed and sent an SMS, as shown in the screenshot below.

The results of a notification rule

Use Email and SMS Notifications to Stay on Top of the Web Security Game

Ensuring the long-term security of many websites is no easy feat, but the notifications in Netsparker Cloud help you ease the process and stay on top of your game. Take advantage of the notifications and configure them so you and your team can be alerted when vulnerabilities are detected on live web applications, or for any other specific scenario you would like to be notified about.

