Application & Service Discovery

This feature enables you to become aware of your enterprise's online collateral, web applications and services. This enables you to conduct a comprehensive security audit and better secure your online presence, continually reducing security threats.

Netsparker Radar is a service that works independently from our Netsparker Enterprise product, and already has hundreds of millions of services in its database. It continually scans the entire internet.

  • As soon as you register with Netsparker Enterprise, the system begins the discovery process with your commercial email, immediately suggesting websites that might also belong to you.
  • Once you start adding websites, the system makes new suggestions based on those websites.
  • Netsparker analyzes your configuration and data, then suggests further websites that might also belong to you.

The Discovered Websites window displays and enables you to manage all websites Netsparker has discovered:

  • You can run a simple faceted search. Basic operations, such as ignoring a website, creating a website and blacklisting a parameter, are also available here.
  • The Status column's default filter is set to New, so that newly discovered websites are displayed. This window then operates like a To Do list. We recommend you keep on top of this list, and process discovered items, by creating or excluding each discovered website every time you log in.

All users with Manage Websites permission can view Discovered Websites and configure Service Discovery Settings.

Discovered Websites Fields

This table lists and explains the panels in the Discovered Websites window.

| Field | Description |
| --- | --- |
| Authority | This is the hostname or IP address and the port number for a server. For example, in http://example.com:81/, example.com:81 is the authority. |
| IP Address | This is the IP address of the website. |
| Top Level Domain | The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot (.) symbol. For example, in the domain name www.example.com, the top-level domain is 'com'. TLDs are mainly classified into two categories: generic TLDs and country-specific TLDs. Examples of some of the popular TLDs include: .com, .org, .net, .gov, .biz and .edu. |
| Second Level Domain | A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD. |
| Organizational Name | This is the name of the organization that is registered as the owner of the website. |
| Status | This is the status of the website. The options are: New, Ignored or Created. New: This indicates websites that have just been discovered. Ignored: This indicates websites that you've ignored. Created: This indicates websites that you've created. |

Filtering

Filters enable you to find discovered websites that match given criteria.

How to Filter Your List of Discovered Websites

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Click the filter button next to any column header. The filter dialog is displayed.
  3. Click to delete all fields by which you don't want to filter.
  4. Add a New Filter if necessary (see How to Add a New Filter).
  5. In the relevant field, where relevant:
       • From the FIELD dropdown, select an option
       • From the OPERATOR dropdown, select an option
       • In the VALUE field, enter a value
  6. Click Apply. The list is filtered by the selected criteria.

How to Add a New Filter

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Click the filter button above the Discovered Websites field, next to any column header. The filter dialog is displayed.
  3. In the filter dialog, click New Filter. A new row is displayed.
  4. Configure as required.

How to Filter Using Faceted Search

You can also filter the list of Discovered Websites using a faceted search. Click the number next to the IP Address, Second Level Domain, Top Level Domain or Organization Name in any row to filter on that criterion.

The list will display only websites that fit the criteria you've clicked on.

Service Discovery Settings

In this window, you can configure the settings that determine how the Discovered Websites list searches for online resources.

The discovery process uses specific parameters to suggest websites:

  1. IP Address or IP Range
  2. Second Level Domain (SLD)
  3. Top Level Domain (TLD)
  4. Organization Name

You can extend or narrow the results using these parameters, for example:

  • You can select to detect all websites that have SLD netsparker
  • You can select to detect all websites that have TLD .gov

This table lists and explains the panels in the Service Discovery Settings window.

| Setting | Description |
| --- | --- |
| Only Registered Domains | Enable to exclude web services that do not have a publicly available DNS record. This option is checked by default. |
| Reverse IP Lookup | This takes the IP address pointing to a web server and searches for other sites known to be hosted on that same web server. This option is checked by default. |
| Organization Name Matching | Enable to conduct another scan via the Organization Names extracted from the result set’s TLS certificates. This option is checked by default. |
| Second Level Domains | Lists the addresses that are below the top-level domains. |
| Organizations | Lists the organization name (listed in the certificate's organization name fields or website's copyright section) for each website or service that you want included in your Discovered Websites list. |
| IP Addresses | Lists the IP addresses for each website or service that you want included in your Discovered Websites list. |
| Excluded Second Level Domains | This is the excluded second-level domains list. |
| Excluded Organization Names | Represents the organization name that can be found from certificate's organization name fields or website's 'copyright' section. |
| Excluded IP Addresses | This is the excluded IP Addresses list. |
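
The following is an added illustration, not Netsparker code: it splits a URL into the Authority, TLD and SLD fields exactly as this page defines them, then applies include and exclude lists shaped like the settings above. The function names, the settings dictionary, the exclusions-first ordering and the sample records are all assumptions constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

def describe(url):
    """Split a URL into authority, TLD and SLD as this page defines them."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        labels = []                      # IP literal: no domain labels
    except ValueError:
        labels = host.split(".")
    # Literal "last segment" rule: shop.example.co.uk gives tld=uk, sld=co.
    tld, sld = (labels[-1], labels[-2]) if len(labels) >= 2 else ("", "")
    return {"authority": parts.netloc, "tld": tld, "sld": sld}

def match(f, org, ip, rules):
    """Name of the first criterion in `rules` that the site meets, or None."""
    if f["sld"] and f["sld"] in rules.get("slds", ()):
        return "SLD"
    if f["tld"] and f["tld"] in rules.get("tlds", ()):
        return "TLD"
    if org and org in rules.get("orgs", ()):
        return "organization"
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(r, strict=False) for r in rules.get("ips", ())):
        return "IP"

def triage(site, cfg):
    """Return (keep, reason). Exclusions are checked first (assumption)."""
    f, org = describe(site["url"]), site.get("org", "").lower()
    hit = match(f, org, site["ip"], cfg["exclude"])
    if hit:
        return False, "excluded " + hit
    hit = match(f, org, site["ip"], cfg["include"])
    return (True, hit + " match") if hit else (False, "no match")

# Constructed settings and records (documentation-reserved names and ranges).
CFG = {"include": {"slds": {"example"}, "orgs": {"example corp"}, "ips": ["192.0.2.0/24"]},
       "exclude": {"tlds": {"test"}, "ips": ["192.0.2.200"]}}
SITES = [
    {"url": "http://example.com:81/", "ip": "198.51.100.7", "org": ""},
    {"url": "https://portal.example.test/", "ip": "192.0.2.10", "org": "Example Corp"},
    {"url": "https://192.0.2.200:8443/", "ip": "192.0.2.200", "org": ""},
    {"url": "https://legacy.othername.net/", "ip": "192.0.2.55", "org": ""},
    {"url": "https://shop.example.co.uk/", "ip": "203.0.113.9", "org": ""},
]

for s in SITES:
    print(s["url"], triage(s, CFG))
```

The last record shows a limit of the literal definition: under a two-label suffix such as co.uk, the SLD field becomes 'co', so an SLD entry of 'example' does not match it.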

How to Configure Service Discovery Settings

  1. From the main menu, click Websites, then Discovered Settings. The Discovered Websites window is displayed.
  2. Click Settings. The Service Discovery Settings window is displayed.
  3. Select or deselect the following options:
       • Only Registered Domains
       • Shared Host Matching
       • Organization Name Matching
  4. Enter the relevant information in the following fields:
       • Second Level Domains
       • Organization
       • IP Addresses
       • Excluded Second Level Domains
       • Excluded Top Level Domains
       • Excluded Organizational Names
       • Excluded IP Addresses
  5. Click Save & Recrawl.

Creating Websites

Customers can create (import into Netsparker) a website or multiple websites from the list of discovered websites.

For further information, see Importing Websites in Netsparker Enterprise.

How to Create a Website

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Select the relevant websites, and click Create. The Import Websites window is displayed.
  3. Complete the fields as explained in Importing Websites in Netsparker Enterprise.
  4. Click Save.

How to Create Multiple Websites

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Click the Create dropdown, and click Create [#] Services. The Import Websites window is displayed.
  3. Complete the fields as explained in Importing Websites in Netsparker Enterprise.
  4. Click Save.

Excluding Discovered Websites

You can exclude or ignore websites in this list, because they are redundant or duplicates. This will remove these items from the list, and they will not get discovered a second time.

How to Exclude a Discovered Website

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Select the checkbox(es) of the website(s) that you want to exclude.
  3. In the same row, click Exclude, then Mark Service as Ignored.

How to Exclude All Discovered Websites

  1. From the main menu, click Websites, then Discovered Websites.
  2. Click the Exclude dropdown at the top of the window.
  3. Select Ignore [#] Services.

Blacklisting Discovered Websites

You can blacklist discovered websites based on certain criteria. This means that websites that meet the criteria, such as an IP address, will be excluded from the list.

| Option | Description |
| --- | --- |
| Blacklist IP Address | Select to exclude all websites and services with this IP address. |
| Blacklist Second Level Domain | Select to exclude all websites and services with this second level domain. |
| Blacklist Top Level Domain | Select to exclude all websites and services with this top level domain. |
| Blacklist Organization | Select to exclude all websites and services with this organization. |

How to Blacklist a Discovered Website

  1. From the main menu, click Websites, then Discovered Websites. The Discovered Websites window is displayed.
  2. Next to the relevant website, click the Exclude dropdown.
  3. Select an option. A confirmation dialog is displayed.
  4. Click Yes, Exclude.