Netsparker Shark is an additional module deployed in the application environment that adds true interactive application security testing (IAST) capabilities to the core Netsparker scanning engine. The IAST sensor works hand in hand with the DAST scanner to provide deeper insights into runtime issues as well as identify and test local assets that crawlers can’t see.
The IAST sensor is deployed locally in the runtime environment, providing a major visibility boost for the DAST engine’s core crawling capabilities. The scanner now has access to the full website structure, including unlinked and hidden files, so it can crawl and test all pages, not just the ones that are currently accessible to crawlers. This means you can identify and fix more vulnerabilities than with DAST alone and be confident that every corner of your site or application has been mapped and tested.
Net result: Maximize test coverage with inside information for crawling
While exploring the application environment, the IAST sensor also identifies and analyzes local configuration files that are inaccessible to the DAST engine. This allows Netsparker to flag insecure configurations that might not be causing a vulnerability today but could lead to problems in the future. Combined with best-practice recommendations, this lets you proactively improve your security posture even when, on the face of it, your application isn’t yet vulnerable in a way that DAST alone could detect.
Net result: Find and fix issues before they become vulnerabilities
Netsparker features Proof-Based Scanning to automatically verify many vulnerabilities found by the scanner and provide solid proof that they are real, exploitable issues. When the IAST module is deployed, it monitors the scanning process and supplies extra information to deliver proof for even more vulnerabilities. This results in even fewer false positives and allows you to confidently automate more issues without the need for manual verification.
Net result: Get more proof and more vulnerability details
The IAST sensor attaches to the application runtime to extract inside information during vulnerability testing performed by the DAST engine. When a vulnerability is detected, the sensor can deliver additional details that would be inaccessible with dynamic scanning alone, often down to the specific file name and line number. Depending on the technology and type of vulnerability, IAST insights can include injected payloads, exploit results, and stack traces generated by errors.
Net results: Locate security issues faster and fix them more effectively