Creating a Controlled Scan

This feature allows you to scan a single page or parameter for a specific number of vulnerabilities. A controlled scan can be launched during and after the automated web vulnerability scan, though it is most often used in the following contexts:

  • During a manual web application crawl
  • When using the Crawl and Wait feature

This topic explains how to scan a single parameter after automatically crawling a web application. The same concept can be applied to any type of scan.

This feature is only available in Netsparker Standard.

For further information, see Manual Crawling with Netsparker Standard in Proxy Mode.

How to Scan a Single Parameter for Vulnerabilities

  1. First, launch Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog opens.
  3. In the Target Website or Web Service URL field, enter the target URL.

Select the Crawl and Wait option to automatically crawl but not scan a website for vulnerabilities.

  4. From the Scan button dropdown, select Crawl and Wait. Using this method, the scanner will only crawl the website and report issues that are noticed during the crawl (for example, when credentials are sent over clear text).
  5. Once the web application has been crawled (or even before the crawl finishes), find and select the page or parameter that you would like to scan in the SiteMap window. Right-click it and select Controlled Scan. The Controlled Scan panel opens in the central pane.

  6. Once the controlled scan interface is launched, use the Controlled Scan panel to select which of the parameter(s) you would like to scan. (You can also use Choose Security Checks to select which tests should be run during the controlled scan.)
  7. Click Scan.
  8. If vulnerabilities are found during the Controlled Scan, they will be reported like any other vulnerability and added to the list of issues displayed in the Issues list.

The identified vulnerabilities are reported in the same way as the others.

How to Retest a Single Vulnerability

  1. First, make sure that someone has actually fixed the vulnerability.
  2. From the File menu, click Local Scans and double-click to open a recent scan. The Scan opens in the Scan tab.
  3. In the Sitemap or Issues panel, locate the vulnerability. Right-click it, and select Retest.
  4. If the vulnerability is fixed, it will be struck through.
