Contact Support


Deploying Netsparker Shark

You can run interactive security testing (IAST) with Netsparker Shark in your web application in order to confirm more vulnerabilities and further minimize false positives. 

Netsparker provides industry-leading dynamic application security testing (DAST) capabilities to help find vulnerabilities in the target web application. Using Shark enables Netsparker to provide additional information from the back-end while scanning your web application.

By adding IAST capabilities with the Shark, Netsparker provides the following benefits:

  • Showing the exact location of the issue and reporting debug information
  • Providing additional details to help security teams uncover more vulnerabilities
  • Complementing existing Proof-based Scanning™ functionality to automatically prove even more vulnerabilities and simplify remediation efforts
  • Ensuring that the entire web application is scanned, including any hidden and unlinked locations that may be inaccessible to the crawler

For Netsparker Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.

Deploying the Shark Agent is optional. Netsparker is still best in class as a black-box scanner, and the Shark Agent improves accuracy and vulnerability results when scanning .NET, Java, and PHP web applications.

Shark has only a very minimal impact on resources on the target machine — less than 1% in lab test results.

Recommendation for Netsparker Shark

Netsparker Shark works best in specific environments. To get the best out of Netsparker Shark, you need to use it in the right environment. The following points provide the best practice in using the Shark:

  • You need to install Netsparker Shark on your staging servers. This is the best place to perform IAST analysis.
  • You may install Netsparker Shark on virtual machines to perform IAST analysis as part of CI/CD pipelines. In this case, the Shark installation would need to be done as part of the CI/CD pipeline.
  • We do not recommend installing Netsparker Shark on production servers. Your production environment may run slower although Netsparker Shark consumes limited resources.

For further information, see Changing the DAST Game with Netsparker IAST.

Downloading Shark Sensors in Netsparker Enterprise

Ready to use Netsparker Shark? Contact us. 

To do this, follow these steps: From the main menu, go to Scans > New Scan > Shark, then select I'm Interested in Adding Shark.

Once approved, you are ready to download.
How to Download Shark Sensors in Netsparker Enterprise
  1. Log in to Netsparker Enterprise
  2. From the main menu, select Scans > New Scan.
  3. From the Scan Settings, select Shark.

Netsparker Shark

  1. From the Shark Settings section, select Enable Shark.
  2. From the Installation Files section, select a platform from the Server Platform drop-down, then select Save As.

The download starts immediately.

Downloading Shark Sensors in Netsparker Standard

Netsparker Standard has Shark (IAST) capability. However, this capability can only be enabled in Netsparker Standard only if you have a proper Plan. To use Shark in Netsparker Standard, contact us.

How to Download Shark Sensors in Netsparker Standard
  1. Open Netsparker Standard
  2. In the Home tab, select New.
  3. From the Scan Settings, select Shark.
  4. From the Shark Settings section, select Enable Shark.
  5. From the Installation Files section, select a platform from the Server Platform drop-down, then select Save As.
  6. Select a save location and select Save.

Deploying Netsparker Shark in your server is explained in related topics:

A vulnerability identified by Netsparker Shark


Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo