Get a Complete Picture of Each Vulnerability

Netsparker maximizes developer efficiency and eliminates guesswork with detailed scan results that contain everything a developer needs to resolve a vulnerability, including remediation information and education on secure coding practices to prevent new and recurring vulnerabilities in future code.

[Screenshot: Blind SQL injection detected by Netsparker]

Technical Details

  • Vulnerability Type and Variant: Netsparker not only reports the vulnerability type, but also its variant. For example, in the case of cross-site scripting (XSS), Netsparker can specifically indicate Reflected XSS, Stored XSS, XSS via RFI, or Limited XSS.
  • Vulnerability Details: For every identified vulnerability, Netsparker also reports the vulnerable page, its URL, the vulnerable parameter and its type, and the attack pattern and payload used during the scan.

Proof and Impact of the Vulnerability

  • Proof of vulnerability: If Netsparker was able to automatically verify the vulnerability, the report includes proof that the issue is real and not a false positive.
  • Vulnerability impact: Based on the results of automatic confirmation, Netsparker highlights the impact that the identified vulnerability could have if exploited. This helps security teams and management to make informed decisions when triaging issues and prioritizing vulnerability remediation.

Developer Education

  • Security training and feedback loop: Incorporating application security testing into the SDLC allows Netsparker to detect vulnerabilities as code is being committed. The detailed scan information provided at code commit creates a feedback loop that teaches developers to produce more secure code.
  • Remediation advice and references: For each vulnerability, Netsparker suggests how it can be fixed and provides additional reference resources. This enables developers to understand the root causes of vulnerabilities and write more secure code in the future.
  • Classification and rating: The vulnerability details report also lists the vulnerability classification (PCI, CWE, OWASP, WASC, and others) and rating score.

Save your security team hundreds of hours with Netsparker’s web security scanner.