Get a Complete Picture of Each Vulnerability

Technical Details

• Vulnerability Type and Variant: Netsparker not only reports the vulnerability type, but also its variant. For example, in the case of cross-site scripting (XSS), Netsparker can specifically indicate Reflected XSS, Stored XSS, XSS via RFI, or Limited XSS.
• Vulnerability Details: For every identified vulnerability, Netsparker also reports the vulnerable page, its URL, the vulnerable parameter and its type, and the attack pattern and payload used during the scan.

Proof and Impact of the Vulnerability

• Proof of vulnerability: If Netsparker was able to automatically verify the vulnerability, the report includes proof that the issue is real and not a false positive.
• Vulnerability impact: Based on the results of automatic confirmation, Netsparker highlights the impact that the identified vulnerability could have if exploited. This helps security teams and management to make informed decisions when triaging issues and prioritizing vulnerability remediation.

How to Fix and Additional Information

• Remediation advice and references: For each vulnerability, Netsparker suggests how it can be fixed. To help developers understand the root causes of vulnerabilities and write more secure code in the future, Netsparker recommends additional reference resources.
• Classification and rating: The vulnerability details report also lists the vulnerability classification (PCI, CWE, OWASP, WASC, and others) and rating score.