Add IAST Depth to DAST Coverage

Netsparker Shark is an additional module deployed in the application environment that adds true interactive application security testing (IAST) capabilities to the core Netsparker scanning engine. The IAST sensor works hand in hand with the DAST scanner to provide deeper insights into runtime issues as well as identify and test local assets that crawlers can’t see.

Leave No File Behind

The IAST sensor is deployed locally in the runtime environment, providing a major visibility boost for the DAST engine’s core crawling capabilities. The scanner now has access to the full website structure, including unlinked and hidden files, so it can crawl and test all pages, not just the ones that are currently accessible to crawlers. This means you can identify and fix more vulnerabilities than with DAST alone and be confident that every corner of your site or application has been mapped and tested.

Net result: Maximize test coverage with inside information for crawling

Dig Deeper to Prevent Vulnerabilities

While exploring the application environment, the IAST sensor also identifies and analyzes local configuration files that are inaccessible to the DAST engine. This allows Netsparker to flag insecure configurations that might not be causing a vulnerability today but could lead to problems in the future. Combined with best-practice recommendations, this lets you proactively improve your security posture even when, on the face of it, your application isn’t yet vulnerable in a way that DAST alone could detect.

Net result: Find and fix issues before they become vulnerabilities

Maximize Confidence in Scan Results

Netsparker features Proof-Based Scanning™ to automatically verify many vulnerabilities found by the scanner and provide solid proof that they are real, exploitable issues. When the IAST module is deployed, it monitors the scanning process and supplies extra information to deliver proof for even more vulnerabilities. This results in even fewer false positives and allows you to confidently automate more issues without the need for manual verification.

Net result: Get more proof and more vulnerability details

Quickly Pinpoint Root Causes

The IAST sensor attaches to the application runtime to extract inside information during vulnerability testing performed by the DAST engine. When a vulnerability is detected, the sensor can deliver additional details that would be inaccessible with dynamic scanning alone, often down to the specific file name and line number. Depending on the technology and type of vulnerability, IAST insights can include injected payloads, exploit results, and stack traces generated by errors.

Net results: Locate security issues faster and fix them more effectively

Technical Requirements for Adding Shark to your Environment

  • PHP, Java, and .NET applications are currently supported.
  • You will need Netsparker deployed and configured to match your application environment.
  • The application runtime environment needs to allow for the deployment of an IAST sensor. For CI/CD pipelines, the recommended way is to include the sensor in a redeployable environment, such as a Docker image.

Save your security team hundreds of hours with
Netsparker’s web security scanner.

Get a demo See how it works