Custom Report Policies

A report policy is a list of reporting settings for web security scan results and reports. A Custom Report Policy enables you to configure these settings, including how the web security scanner displays its findings in the Netsparker application and in reports. (If you want to enable or disable specific security checks in the actual scan itself, you should configure a Scan Policy instead.)

When you exclude the SQL Injection vulnerability from a Report Policy and run a report, the scanner still checks whether the target web application is vulnerable to SQL Injection. However, if it detects one, it won’t report it in the scan results. The Report Policy only hides the SQL Injection finding.

If you later generate a report from the same scan with the Default Report Policy, in which the SQL Injection vulnerability is included, the identified SQL Injection vulnerability will be listed in the report.

For example:

  • You can specify which detected vulnerabilities Netsparker should report in the Scan Results
  • You can also change the Severity level, the visibility, and the classification properties of a vulnerability

Netsparker’s built-in Report Policy is called the Default Report Policy. It is read-only and provides the default settings for your custom Report Policies. You can clone existing Report Policies or create new ones, and then modify the new custom Report Policy to suit your requirements.

Report Policy Fields

This table lists and explains the fields in the New Report Policy window in Netsparker Enterprise.

| Field | Description |
| --- | --- |
| Name | Enter a friendly name for the Report Policy. |
| Description | Enter a simple description that will help you remember what it is for. |
| Shared | Select this checkbox to share your Report Policy with other team members. |

How to View Report Policies in Netsparker Enterprise

From the main menu, click Policies, then Report Policies. The Report Policies window is displayed. From there, you can view, clone, edit or delete any listed policy. Admin users with permission can manage their team members' Report Policies. This means that if a Report Policy is private but belongs to your team member, you can still view, edit, delete and clone that policy.

How to View Report Policies in Netsparker Standard

From the ribbon, click the Home tab, then Report Policy Editor. The Report Policy Editor window is displayed. From there, you can view, clone, edit or delete any listed policy, or add a new one.

How to Create a New Report Policy in Netsparker Enterprise

  1. From the main menu, click Policies, then New Report Policy. The New Report Policy window is displayed.
  2. In the Name field, enter a name for your report policy.
  3. In the Description field, enter a description for your report policy.
  4. Enable the Shared field, if required.
  5. Click Save.

How to Create a Custom Report Policy in Netsparker Enterprise

  1. From the main menu, click Policies, then Report Policies. The Report Policies window is displayed.
  2. Select the name of the Report Policy you want to customize. The Update Report Policy window is displayed.
  3. Click the Editor tab. The full list of vulnerabilities is displayed.
  4. In the vulnerabilities library list, check those you want to include in your Scan Report. You can also use the input field at the top to search for a specific vulnerability.
  5. For each vulnerability, use the dropdown to change its Severity Level, if required.
  6. To add a new vulnerability to the Report Policy, click New in the vulnerabilities library list. The Vulnerability Editor is displayed. Fill in the fields as required and click Save.
  7. To clone a selected vulnerability to the Report Policy, click Clone in the vulnerabilities library list. The Clone Vulnerability dialog is displayed. From the Type dropdown, select the vulnerability type and click Save.
  8. To edit a selected vulnerability in the Report Policy, click Edit in the vulnerabilities library list. The Vulnerability Editor dialog is displayed. Change as required and click Save.
  9. To change a template or the classification of a selected vulnerability in the Report Policy, edit the Vulnerability Details section and click Save.
  10. To delete a selected vulnerability in the Report Policy, click Delete.

How to Create a Custom Report Policy in Netsparker Standard

  1. From the ribbon, click the Home tab, then Report Policy Editor. The Report Policy Editor dialog is displayed. This consists of a Report Policy list, a vulnerabilities library list (with the full list of vulnerabilities that Netsparker scans for) and individual vulnerability details.
  2. In the Report Policy Editor, click New. At the top of the Report Policy list, a new Report Policy is displayed.
  3. Click on the new Report Policy to rename it.
  4. Browse the vulnerabilities library list and use the checkboxes to select or deselect the vulnerabilities you want to include in or exclude from your Scan Report. You can also use the input field at the top to search for a specific vulnerability.
  5. For each vulnerability, use the dropdown to change its Severity Level, if required.
  6. To add a new vulnerability to the Report Policy, click New in the vulnerabilities library list. The Vulnerability Editor dialog is displayed. Fill in the fields as required and click OK.
  7. To clone a selected vulnerability to the Report Policy, click Clone in the vulnerabilities library list. The Clone Vulnerability dialog is displayed. From the Type dropdown, select the vulnerability type and click OK.
  8. To edit a selected vulnerability in the Report Policy, click Edit in the vulnerabilities library list. The Vulnerability Editor dialog is displayed. Change as required and click OK.
  9. To delete a selected vulnerability in the Report Policy, click Delete.
  10. To overwrite CVSS environmental metrics in all vulnerabilities, click Set Metrics. The Environmental Metrics dialog is displayed. Select the dropdown options from the fields as required. Click OK.
  11. On the Report Policy Editor, click OK.

How to Clone the Default Report Policy in Netsparker Enterprise

  1. From the main menu, click Policies, then Report Policies.
  2. For the relevant policy, click Clone. The New Report Policy tab is displayed.
  3. Complete the fields as described from step 2 in How to Create a Custom Report Policy in Netsparker Enterprise.

How to Clone the Default Policy in Netsparker Standard

  1. From the ribbon, click Home, then Report Policy Editor.
  2. Select the relevant policy and click Clone. A cloned version of the relevant policy is displayed with ‘Copy’ after its name.
  3. Edit the cloned copy as described from step 3 of How to Create a Custom Report Policy in Netsparker Standard.

How to Use a Custom Report Policy in a Scan in Netsparker Enterprise

Once you have created a Custom Report Policy, you can use it when creating a New Scan, New Scheduled Scan or New Group Scan.

  1. From the main menu, click Scans, then New Scan. The New Scan window opens at the General tab.
  2. From the Report Policy dropdown, select your Custom Report Policy.
  3. Complete the remaining fields as described in Creating a New Scan.

How to Use a Custom Report Policy in a Scan in Netsparker Standard

  1. From the ribbon, click Home, then New. The Start a New Website or Web Service dialog is displayed.
  2. From the Report Policy dropdown, select your Custom Report Policy.
  3. Complete the remaining fields as described in Creating a New Scan.