Practical Vulnerability Details

Netsparker reports vulnerabilities with a high degree of specificity, so that developers understand each vulnerability, can fix it, and learn to write more secure code.

Vulnerability Variants: Netsparker not only reports the vulnerability type, but also its variant. For example, in the case of XSS, Netsparker reports whether it is a Reflective XSS, Permanent XSS, XSS via RFI or Limited XSS.

Vulnerability Technical Details: For every identified vulnerability, Netsparker also reports the vulnerable page, its URL, the vulnerable parameter and its type, and the attack pattern and payload used during the scan.

Proof of Exploit: To verify that a vulnerability is not a false positive, Netsparker generates a Proof of Exploit.

Vulnerability Impact: Using its Proof of Exploit feature, Netsparker highlights the impact the identified vulnerability could have if exploited, enabling management to make more informed decisions when triaging vulnerability remediation.

Remedy and Web Links References: To help developers understand the mechanisms of a vulnerability, Netsparker recommends a number of references where they can learn more about the vulnerability in question and how to write more secure code.

Compliance and Other Specifications: In its vulnerability details report, Netsparker also lists the vulnerability specifications (rating) in PCI, OWASP and WASC.

