Application & Service Discovery Service

This feature enables you to become aware of your enterprise's online collateral, web applications and services. This enables you to conduct a comprehensive security audit and better secure your online presence, continually reducing security threats.

This service works independently from our Netsparker Enterprise product, and already has hundreds of millions of services on its database. It continually scans the entire internet.

  • As soon as you register with Netsparker Enterprise, the system begins the discovery process with your commercial email, immediately suggesting websites that might also belong to you.
  • Once you start adding websites, the system makes new suggestions based on those websites.
  • Netsparker analyzes your configuration and data, then suggesting further websites that might also belong to you.

The Discovered Websites window displays and enables you to manage all websites Netsparker has discovered:

  • You can conduct faceted search in a minimalistic way. Basic operations like ignore, create website and blacklist some parameter can be achieved here as well.
  • The Status column's default filter is set to New, so that newly discovered websites are displayed. This window then operates like a To Do list. We recommend you keep on top of this list, and process discovered items, by creating or excluding each discovered website every time you log in.

All users with Manage Websites permission can view Discovered Websites and configure Service Discovery Settings.

Discovered Websites Fields

This table lists and explains the panels in the Discovered Websites window.

Field

Description

Authority

This is the hostname or IP address and the port number for a server. For example, in http://example.com:81/, example.com:81 is the authority.  

IP Address

This is the IP address of the website.

Top Level Domain

The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot(.) symbol. For example, in the domain name www.example.com, the top-level domain is 'com'. TLDs are mainly classified into two categories: generic TLDs and country-specific TLDs. Examples of some of the popular TLDs include: .com, .org, .net, .gov, .biz and .edu.

Second Level Domain

A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD.

Organizational Name

This is the name of the organization that is registered as the owner of the website.

Status

This is the status of the website. The options are: New, Ignored or Created:

New: This indicates websites that have just been discovered

Ignored: This indicates websites that you've ignored

Created: This indicates websites that you've created

Filtering

Filters enable you to find discovered websites that match given criteria.

How to Filter Your List of Discovered Websites

  1. In the Discovered Websites window, click the filter button () next to any column header. The filter dialog is displayed.

  1. Click to delete all fields by which you don't want to filter.
  2. Add a New Filter if necessary (see How to Add a New Filter).
  3. In the relevant field, where relevant:
    • From the FIELD dropdown, select an option
    • From the OPERATOR dropdown, select an option
    • In the VALUE field, enter a value
  1. Click Apply. The list is filter by the selected criteria.

How to Add a New Filter

  1. In the Discovered Websites window, click the filter button () above the Discovered Websites field next to any column header. The filter dialog is displayed.
  2. In the filter dialog, click New Filter. A new row is displayed.
  3. Configure as required.

How to Filter Using Faceted Search

You can also filter the list of Discovered Websites using a faceted search. Click the number in next to the IP Address, Second Level Domain, Top Level Domain or Organization Name in any row to filter on that criteria.

The list will display only websites that fit the criteria you've clicked on.

Service Discovery Settings

In this window, you can configure the settings that determine how the Discovered Websites list searches for online resources.

The discovery process uses specific parameters to suggest websites:

  1. IP Address or IP Range
  2. Second Level Domain (SLD)
  3. Top Level Domain (TLD)
  4. Organization Name

You can extend or narrow the the results using these parameters, for example:

  • You can select to detect all websites that have SLD netsparker
  • You can select to detect all websites that have TLD .gov

The Service Discovery Settings window has the eight tabs. Each is outlined below.

Match Settings

This table lists and explains the sections in the Match Settings tab. They are all enabled by default.

Setting

Description

Email Matching

Enable to use your account's email address second level domain as a matching option.

Website Matching

Enable to use your added website's second level domain as a matching option. This website matching option has a limit of 32 websites.

Only Registered Domains

Enable to exclude web services that do not have a publicly available DNS record.

Reverse IP Lookup

Enable to take the IP address pointing to a web server and search for other sites known to be hosted on the same web server.

Organization Name Matching

Enable to conduct another scan via the Organization Names extracted from the result set’s TLS certificates.

Second Level Domains

This tab lists the addresses that are below the top-level domains. A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD.

Organizations

This tab lists the organization name (listed in the certificate's organization name fields or website's copyright section) for each website or service that you want included in your Discovered Websites list.

IP Addresses

This tab lists the IP addresses for each website or service that you want included in your Discovered Websites list.

Excluded Second Level Domains

This tab lists the excluded second-level domains for each website or service that you want included in your Discovered Websites list.

Excluded Top Level Domains

This tab lists the top-level domains for each website or service that you want included in your Discovered Websites list. The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot(.) symbol.

Excluded Organizational Names

This tab lists the name of the organization that is registered as the owner of the website.

Excluded IP Addresses

This tab lists the IP Addresses whose websites you would like excluded from the Discovered Websites list.

How to Configure Service Discovery Settings

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites. The Discovered Websites window is displayed.

  1. Click Settings. The Service Discovery Settings window is displayed.

  1. Configure the settings as explained in the table above.
  2. Click Save & Recrawl.

Creating Websites

Customers can create (import into Netsparker) a website or multiple websites from the list of discovered websites.

For further information, see Importing Websites in Netsparker Enterprise.

How to Create a Website

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites. The Discovered Websites window is displayed.

  1. Select the relevant websites, and click Create. The Import Websites window is displayed.

  1. Complete the fields as explained in Importing Websites in Netsparker Enterprise.
  2. Click Save.

How to Create Multiple Websites

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites. The Discovered Websites window is displayed.
  3. Click the Create dropdown, and click Create [#] Services. The Import Websites window is displayed.

The Import Websites window is displayed.

  1. Complete the fields as explained in Importing Websites in Netsparker Enterprise.
  2. Click Save.

Excluding Discovered Websites

You can exclude or ignore websites in this list, because they are redundant or duplicates. This will remove these items from the list, and they will not get discovered a second time.

How to Exclude a Discovered Website

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites. The Discovered Websites window is displayed.

  1. Select the checkbox(es) of the website(s) that you want to exclude.
  2. In the same row, click Exclude, then Mark Service as Ignored.

How to Exclude All Discovered Websites

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites.

  1. Click the Exclude dropdown at the top of the window.
  2. Select Ignore [#] Services.

Blacklisting Discovered Websites

You can blacklist discovered websites based on certain criteria. This means that websites that meet the criteria, such an an IP address, will be excluded from the list.

Option

Description

Blacklist IP Address

Select to exclude all websites and services with this IP address.

Blacklist Second Level Domain

Select to exclude all websites and services with this second level domain.

Blacklist Top Level Domain

Select to exclude all websites and services with this top level domain.

Blacklist Organization

Select to exclude all websites and services with this organization.

How to Blacklist a Discovered Website

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Discovery, then Discovered Websites. The Discovered Websites window is displayed.
  3. Next to the relevant website, click the Exclude dropdown.
  4. Select an option. A confirmation dialog is displayed.
  5. Click Yes, Exclude.
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO