Embedded objects, such as Flash files or ActiveX components, are created separately and then placed into your web application.
Since they work independently and are self-contained, any vulnerability in their codes would allow cybercriminals to infiltrate a website. By exploiting this vulnerability, attackers could try to obtain sensitive information such as CSRF tokens. In 2017, for example, at least 63 vulnerabilities were identified in Adobe Flash.
During scanning, Netsparker identifies all embedded objects such as Flash objects in the target web application and lists them with their location while the target web application is being scanned.
Once the scan is completed, all embedded objects are listed under the Embedded Objects node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Netsparker forms Knowledge Base Nodes on its findings. If the Embedded Objects node is not listed, it means that Netsparker did not find any.
For further information, see Knowledge Base Nodes.
How to View the Embedded Objects Node in Netsparker Enterprise
- Log in to Netsparker Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the Embedded Objects node. The information is displayed in an Embedded Objects tab.
How to View the Embedded Objects Node in Netsparker Standard
- Open Netsparker Standard
- Start a Scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the Embedded Objects node in the Knowledge Base. All detected Embedded Objects are displayed in the Knowledge Base Viewer.