Introduction to the Dashboards

In both Netsparker Enterprise and Netsparker Standard, the Dashboards enable you to view scan results, vulnerabilities, issues, statistics and other information from a single window, both while scans are running and once they are completed.

Viewing the Global Dashboard in Netsparker Enterprise

The Netsparker Enterprise global dashboard provides you with an overview of the security status of all Website Groups and Websites in your Netsparker Enterprise account.

In the panel at the top of the window, you can see the following:

  • USERS displays the current number of active users on your account in the last week
  • WEBSITES displays the number of websites on your account
  • COMPLETED SCANS displays the number of finished scans
  • ACTIVE ISSUES displays the number of Issues that remain unresolved

For further information, see Global Dashboard Panels.

Global Dashboard Panels

This table lists and explains the panels in the Global Dashboard window.

Panel

Description

Severity Trend

This chart displays the increase or decrease of each Vulnerability Severity Level over time.

Severities

This doughnut chart displays the number of vulnerabilities found, grouped by Vulnerability Severity Level, in proportion to the total detected.

For further information, see Vulnerability Severity Levels.

Issues

This clustered column chart shows the number of Issues found, grouped by Vulnerability Severity Level.

For further information, see Viewing Issues in Netsparker Enterprise.

Security Overview

This doughnut chart displays the total number of Critical and Insecure issues.

Average Time to Fix

This is a column chart that displays the average length of time it takes for Issues to be fixed, grouped by Vulnerability Severity Level.

Fixed Issues

This is a column chart that displays the number of Issues that have been fixed in each Vulnerability Severity Level.

Groups Dropdown

At the top right of the window, there is a dropdown. Click to view the security status of all your websites, or certain groups only.

The options are:

  • All Websites
  • Default
  • Your Website Groups

For further information, see Website Groups in Netsparker Enterprise.

Next Scheduled Scans

This is a panel that displays a list of Scheduled Scans. For further information, see Scheduling Scans.

Recent Scans

This panel displays a list of Recent Scans. Hover the mouse over the various icons to see what types and numbers of Vulnerabilities have been detected.

Further options include:

Latest To Do Issues

This panel displays the latest detected Issues, with an icon indicating their Vulnerability Severity Level.

How to View the Global Dashboard in Netsparker Enterprise

The Global Dashboard is displayed by default as soon as you log in. Alternatively, from the main menu, click Websites, then Dashboard. The Global Dashboard is displayed.

For further information, see Global Dashboard Panels above.

Viewing the Scan Summary Dashboard in Netsparker Enterprise

The Scan Summary Dashboard enables you to view the results of the latest security scan for a single website – while the scan is running and once it has been completed. You can also view other completed security scans with the same configuration, such as those with the same Scan Policy and Scan Settings.

In the panel at the top of the window, you can see the following:

  • [NAME OF SCAN] displays the name of the scan, with a link to the scan report, along with a Launch a Scan button
  • ISSUES displays the number (if any) of issues detected on a particular website since the last scan, along with a Launch a Scan button
  • SCHEDULED SCAN displays information of any scheduled scans, along with a Schedule a scan button
  • LATEST REPORT has a Report button

Scan Summary Dashboard Panels

This table lists and explains the panels in the Scan Summary Dashboard window.

Panel

Description

Severity Trend

This chart displays the increase or decrease of each Vulnerability Severity Level over time.

Click Trend Matrix Report (Severity Trend Report) for a more comprehensive overview.

Severities

This doughnut chart displays the number of vulnerabilities found, grouped by Vulnerability Severity Level, in proportion to the total detected.

For further information, see Vulnerability Severity Levels.

Issues

This clustered column chart shows the number of Issues found, grouped by Vulnerability Severity Level.

For further information, see Viewing Issues in Netsparker Enterprise.

Security Overview

This doughnut chart displays the total number of Critical and Insecure Issues.

Average Time to Fix

This is a column chart that displays how long it takes for Issues to be fixed on average, grouped by Vulnerability Severity Level.

Fixed Issues

This is a column chart that displays the number of Issues that have been fixed in each Vulnerability Severity Level.

Issues

This is a list of all the issues detected in the scan.

Affecting Relevant Notifications

This is a list of all Notifications for the scan, including:

  • NAME
  • EVENT
  • EMAIL RECIPIENTS
  • SMS RECIPIENTS

Dropdown Menu

At the top right of the window, there is a dropdown. Click to view the security status of an individual Website Group or websites grouped by Scan Scope.

Scan Name

This panel lists the scan's Name, Website and Group. Further options include:

  • Click Details to view Issues, Scans or Scheduled Scans
  • Click Edit to edit the Scan
  • Click Delete to delete it

Recent Scans

This displays a list of Recent Scans. Hover the mouse over the various icons to see what types of Vulnerabilities have been detected. Further options include:

  • Incremental Scan
  • Retest

License Status

This panel contains the subscription expiry date.

How to View the Scan Summary Dashboard in Netsparker Enterprise

  1. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  2. Click the Name of any individual scan. The Scan Summary Dashboard is displayed.

For further information, see Scan Summary Dashboard Panels.

Viewing the Welcome Dashboard in Netsparker Standard

When you open Netsparker Standard, the Welcome Dashboard is displayed and the Start a New Website or Web Service Scan dialog opens. Close the dialog to view the following areas in the window.

The Welcome page also contains links to Updates, the latest articles in our Web Application Security Blog, as well as Support and Resources links.

For further information on menus and ribbons, see Navigation in Netsparker Standard.

Viewing the Scan Summary Dashboard in Netsparker Standard

The Scan Summary Dashboard enables you to view the results of the latest security scan for a single website, both while the scan is running and once it has been completed.

Panels in the Scan Summary Dashboard

This section lists and explains the panels in the Scan Summary Dashboard window.

  • Activity (default panel)
  • HTTP Request/Response
  • Knowledge Base Viewer (default panel)
  • Attack Radar
  • Execute SQL Commands
  • Get Shell
  • Exploit LFI
  • Exploit Short Names
  • Controlled Scan
  • Logs (default panel)
  • Sitemap (default panel)
  • Issues (default panel)
  • Knowledge Base (default panel)
  • Progress (default panel)
  • Request Builder
  • Encoder
  • Netsparker Assistant

To set the layout to default, click Reset Layout in the Panels or use the shortcut Ctrl+Shift+R.

Sitemap

The Sitemap panel displays a list of all the directories and files that the scanner crawled. Within each file, all identified vulnerabilities, security flaws and vulnerable parameters are listed.

In this example:

  • The directory is auth
  • The file is 'login.php'
  • The first vulnerability listed is: 'Password Transmitted over HTTP'

During a scan, you can view the Activity Status of each file in the Sitemap. Move your pointer over a node and a popup will display information such as ATTACKING, CRAWLED or SCANNED.

Issues

The Issues panel lists all detected vulnerabilities and other issues. They can be filtered, grouped, sorted and searched, using the icons at the top of the panel, depending on what you want to view.

This table describes and explains the icons above the Issues panel.

Field

Explanation

Filter

Use the Filter icon to filter issues by the following criteria:

  • Severity – Critical, High, Medium, Low, Information, Best Practice, All
  • HTTP Method – ALL, GET, POST
  • Content Type: e.g., Application/xml, Application/json, Text/html etc.

Group By

Use the Group By icon to group issues by the following criteria:

  • Vulnerability Type
  • Severity
  • Confirmation
  • URL
  • Fixed/Not Fixed

Sort By

Use the Sort By icon to sort issues in alphabetical (or reverse alphabetical) order.

Previous Settings

Use the Previous Settings icon to:

  • Save settings
  • Return settings to Default

Central Panel

The Central Panel displays details about a selected Issue.

Attack Radar

The Attack Radar displays a circular chart that shows the ongoing progress of each security check (SQLi, XSS and so on) during the scanning phase (before most of the SQL Injection attacks have been performed). At the end of the scan, the chart indicates all security checks that have been tested and how many vulnerabilities of each type were found.

Browser View

The Browser View displays the item selected in the Issues panel in a browser.

For further information, see How to View an Issue in a Browser in Netsparker Standard.

HTTP Request/Response

The HTTP Request/Response displays the request and response of the item selected in the Issues panel.

For further information, see HTTP Request and How to View the HTTP Request and Response of an Issue in Netsparker Standard.

Knowledge Base Viewer

The Knowledge Base Viewer panel displays further details about the item selected in the Knowledge Base panel. It provides a detailed breakdown of the information provided in list form in the Knowledge Base. It also provides search and Save Report functions.

Request Builder

The Request Builder panel enables you to work with HTTP requests, so that you can perform such functions as:

  • Sending requests to the target
  • Modifying imported HTTP requests
  • Creating your own HTTP requests
  • Analyzing and exploiting vulnerabilities
  • Analyzing the HTTP response

For further information, see HTTP Request Builder.

Vulnerability

The Vulnerability panel displays further details about the selected vulnerability, such as:

  • Name
  • Classification
  • Proof of exploit
  • Vulnerability details
  • Impact
  • Actions to take
  • Remedy
  • Required skills for successful exploitation
  • External references
  • Remedy references
  • Proof of concept notes

Execute SQL Commands

The SQL Exploiter panel enables you to run manual SQL queries on the server to verify vulnerabilities. These SQL queries are executed via the vulnerability URL. The panel updates the URL with a given query and sends it to the server. After obtaining a response, the result of the query is shown inside the panel. This panel is enabled when the selected vulnerability is an exploitable SQL Injection vulnerability.

Get Shell

The Get Shell panel runs OS commands on a shell on the target web application’s server. This panel updates the URL with a given command and sends it to the server. After getting a response, the result of this command is shown inside the panel. The Get Shell panel is enabled when a selected vulnerability is an exploitable Command Injection, Code Evaluation, Code Execution or a similar vulnerability.

Exploit LFI

The Exploit LFI panel reads the contents of files on the target web server by exploiting the LFI vulnerability detected during the scan.

Exploit Short Names

The Short File Names panel defines the path to be exploited and displays the results. A short file name is the MS-DOS compatible version of a file name that Windows creates. For example, if you create a backup file with a randomized name that is not supposed to be accessible from outside, such as backup-a8accb12bb74411eb248a1a05b0b0ecb.sql, Windows will create a short file name for this file called BACKUP~1.SQL.

The Short Filename vulnerability allows remote attackers to disclose important file and folder names that are normally not accessible from the outside and gain intelligence about the application infrastructure. This may cause a leakage of files containing sensitive information, such as credentials, configuration files and maintenance scripts.

For further information, see Windows Short Filename.
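The rule behind the BACKUP~1.SQL example above is mechanical, so an administrator can work out in advance which files on a Windows-hosted web root would receive an 8.3 alias. The following is an added example, not Netsparker's own code, implementing the simplified generation rule (first six valid characters of the base name, a "~N" suffix, first three characters of the extension); the hash-based form Windows switches to after several collisions is deliberately not modelled, and the sample file names are constructed for the example.

```python
import re

# Characters permitted in an 8.3 name; anything else is replaced with '_'.
_INVALID_8DOT3 = re.compile(r"[^A-Z0-9!#$%&'()\-@^_`{}~]")


def _split(long_name):
    """Split into (base, extension). A name with no extension, or a leading
    dot only (e.g. '.htaccess'), is treated as having no extension."""
    base, dot, ext = long_name.rpartition(".")
    if not dot or not base:
        return long_name, ""
    return base, ext


def needs_short_name(long_name):
    """True if Windows would have to generate an 8.3 alias for this name:
    base longer than 8, extension longer than 3, or characters (spaces,
    extra dots, etc.) that are not valid in an 8.3 name."""
    base, ext = _split(long_name)
    if _INVALID_8DOT3.search(base.upper()) or _INVALID_8DOT3.search(ext.upper()):
        return True
    return len(base) > 8 or len(ext) > 3


def short_name(long_name, collision_index=1):
    """Simplified 8.3 alias: upper-case, drop spaces and embedded dots,
    replace invalid characters, keep 6 base characters plus '~N' and a
    3-character extension. collision_index is N (1 for the first file
    sharing the same 6-character prefix). Assumption: collisions beyond
    the first few, where Windows uses a hashed form, are not handled."""
    base, ext = _split(long_name)
    base = _INVALID_8DOT3.sub("_", base.upper().replace(" ", "").replace(".", ""))
    ext = _INVALID_8DOT3.sub("_", ext.upper().replace(" ", ""))
    short_base = f"{base[:6]}~{collision_index}"
    short_ext = ext[:3]
    return f"{short_base}.{short_ext}" if short_ext else short_base


def short_name_exposures(file_names):
    """Map each file name that gets an alias to that alias, assigning ~1, ~2...
    per shared prefix in the order given (the order Windows would see them)."""
    seen = {}
    exposures = {}
    for name in file_names:
        if not needs_short_name(name):
            continue
        prefix = short_name(name).split("~")[0]
        seen[prefix] = seen.get(prefix, 0) + 1
        exposures[name] = short_name(name, seen[prefix])
    return exposures


# Constructed sample directory listing for the example.
SAMPLE_FILES = [
    "index.htm",
    "backup-a8accb12bb74411eb248a1a05b0b0ecb.sql",
    "backup-2019-archive.sql",
    "web.config.bak",
    ".htaccess",
]

if __name__ == "__main__":
    for long, short in short_name_exposures(SAMPLE_FILES).items():
        print(f"{long} -> {short}")
```

Run against a real listing of the web root, the output is the set of names that a request using the short form could resolve to; files that appear there with sensitive contents are the ones worth moving out of the web root or disabling 8.3 name creation for.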

Controlled Scan

The Controlled Scan panel displays Parameters to Scan and Security Tests so you can choose to scan a single page or parameter for a specific number of vulnerabilities.

For further information, see Creating a Controlled Scan.

Encoder

The Encoder panel enables you to encode and decode text from and to various formats.

Activity

The Activity panel displays current scan activities. During a scan, the Activity panel provides information about HTTP requests, and which files and parameters are being crawled or scanned in real time.

This table describes and explains the fields in the Activity panel.

Field

Explanation

Method

This is the HTTP request method like GET, POST.

Target

This is the URL target of the scan.

Parameter

This is the URL parameter of the scan.

Duration

This is the current length of the scan.

Current Activity

This is the current executing security check. For example, ShellShock is the 24th of 25 checks in the Command Injection security check group.

Overall Activity

This is the current executing security check group. For example, Command Injection is the fourth of 31 groups.

Status

This is the current process, such as analyzing, requesting, parsing, and confirming.

Progress

The Progress panel displays Scan Speed and Scan Progress (from zero to 100%). It also has a Requests per second slider that allows you to adjust the throughput of requests sent per second.

The Progress panel also provides information on:

  • Total Links
  • Failed Requests
  • 404 Responses
  • Head Requests
  • Total Requests
  • Elapsed Time
  • Start Time (with date)

Scan Duration and Speed

The duration of a web security scan depends on many factors, such as the size and complexity of the target website, the availability of bandwidth between the scanner and the target, the target's response time, and the number of security checks for which the target is being scanned.

For further information, see How Fast is Your Web Vulnerability Scanner?.

Reducing the Scan Duration

There are several things you can do to improve the speed of a scan. On Netsparker's side, you can optimize the scan policies and also increase the number of concurrent connections the scanner opens during a scan.

By default, Netsparker Desktop will open up to six concurrent connections during a scan. By increasing the number of concurrent connections, you will increase the load on the target server. Ensure the server can handle the load before increasing the number of concurrent connections.

More concurrent connections do not always yield a faster scan. For example, if the target server cannot handle the load, the scan can be slower.

For further information, see Scan policy Optimizer and How Can You Improve the Scan Results?.

Logs

The Logs panel displays a list of all scanner actions that have taken place during the Scan.

Knowledge Base

The Knowledge Base panel displays a list of additional information about the Scan, and is sorted into groups, such as number of comments and cookies, crawling and scan performance, and slowest pages. This information is useful for highlighting other potential security issues which are not typically classified as vulnerabilities but can help attackers gain additional knowledge to craft a successful hack. Netsparker provides users with a complete, detailed analysis of the target web application. Click on each one to view its details displayed in the Central Panel.

Knowledge Base Nodes

This table lists and explains the Knowledge Base Nodes in the Knowledge Base panel.

Panel

Description

AJAX / XML HTTP Requests

This is a list of the AJAX / XML HTTP Requests found in the target application. From this node, you can check that Netsparker is detecting and simulating all of these requests, especially when scanning a client-side script heavy web application such as a single page application.

This is sometimes referred to as the XML HTTP Requests List.

Attack Possibilities

This is a list of the possible number of attacks per engine that Netsparker might carry out. Attack possibilities information is collected by attack engines when Netsparker is attacking a website. These values are calculated on the basis of the number of parameters present for each link. They are used as estimates to inform users about scan progress.

Comments

This is a list of source code comments. Some of them may contain sensitive keywords highlighted in red and bold. This is the most overlooked security issue of all and could lead to sensitive information disclosure. It is very typical for developers to leave very sensitive information in web applications, such as connection strings, administrative accounts credentials, details of the test environments and much more. Netsparker allows users to add new entries to the list of sensitive comments so they are alerted once this type of entry is identified in the source code comments. Users can also modify the existing patterns from the Comments node in the Netsparker settings.
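The Comments node works by pulling comments out of the served source and matching them against a list of sensitive patterns. The following is an added example, not Netsparker's own code or its own pattern list, that does the same over a constructed HTML page: it extracts HTML comments and the comments inside inline script blocks, and reports each one that matches a keyword pattern, so a developer can run the same check on a build before it is deployed. The pattern list and the sample page are assumptions made for this example.

```python
import re

# Constructed keyword list in the spirit of a sensitive-comments check
# (not Netsparker's own default patterns).
SENSITIVE_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\bpassword\b", r"\bpasswd\b", r"\bconnection\s*string\b",
        r"\bapi[_-]?key\b", r"\bsecret\b", r"\badmin\b",
        r"\btodo\b|\bfixme\b", r"\btest(ing)?\s+(env|environment|server)\b",
    )
]

HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
SCRIPT_BLOCK = re.compile(r"<script[^>]*>(.*?)</script>", re.DOTALL | re.IGNORECASE)
# Block comments, or line comments that follow whitespace or ';' so that the
# '//' inside a URL string such as "https://..." is not mistaken for one.
JS_COMMENT = re.compile(r"/\*(.*?)\*/|(?:^|[\s;])//([^\n]*)", re.DOTALL)


def extract_comments(source):
    """Return HTML comments followed by JavaScript comments from inline scripts."""
    comments = [m.group(1).strip() for m in HTML_COMMENT.finditer(source)]
    for script in SCRIPT_BLOCK.finditer(source):
        for m in JS_COMMENT.finditer(script.group(1)):
            text = (m.group(1) or m.group(2) or "").strip()
            if text:
                comments.append(text)
    return comments


def flag_sensitive_comments(source):
    """Return [(comment_text, [matching patterns])] for comments that match."""
    findings = []
    for comment in extract_comments(source):
        hits = [p.pattern for p in SENSITIVE_PATTERNS if p.search(comment)]
        if hits:
            findings.append((comment, hits))
    return findings


# Constructed sample page for the example.
SAMPLE_PAGE = """<html><head>
<!-- Build 4.2.1, deployed from staging -->
<script>
  // TODO: remove before release
  var endpoint = "https://example.test/api"; // constructed sample
  /* admin password is Summer2019! fixme */
</script>
</head><body><!-- connection string: Server=db01;User=sa;Password=... --></body></html>"""

if __name__ == "__main__":
    for comment, hits in flag_sensitive_comments(SAMPLE_PAGE):
        print(f"{comment!r}: {', '.join(hits)}")
```

Only the three comments carrying credentials, an admin reference or a leftover TODO/FIXME are reported; the build note and the harmless inline comment are not.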

Cookies

This is a list of cookies set by the target application. Cookies can disclose a lot of information about the target website that attackers can use to craft a malicious attack. From this node, security professionals have access to a centralized list of all cookies, so they can analyse them one by one and identify any cookie-related security issues.
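The cookie-related issues the paragraph above has in mind are mostly attribute problems: a session cookie sent without Secure or HttpOnly, SameSite missing or set to None without Secure, or a __Host-/__Secure- prefixed cookie that does not meet the prefix rules. The following is an added example, not Netsparker's own code, that parses Set-Cookie header values and audits each one against those rules; the header values are constructed for the example, and the assumption that the site is served over HTTPS is a parameter.

```python
def parse_set_cookie(header_value):
    """Parse one Set-Cookie value into (name, value, {attribute: value|True}).
    Attribute names are lower-cased; flag attributes map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value, attrs


def audit_cookie(header_value, served_over_https=True):
    """Return (cookie name, list of issues) for one Set-Cookie value."""
    name, _value, attrs = parse_set_cookie(header_value)
    issues = []
    secure = "secure" in attrs
    if served_over_https and not secure:
        issues.append("missing Secure")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        issues.append("missing SameSite")
    elif samesite.lower() == "none" and not secure:
        issues.append("SameSite=None without Secure")
    if name.startswith("__Host-") and (
        not secure or attrs.get("path") != "/" or "domain" in attrs
    ):
        issues.append("__Host- prefix requirements not met")
    if name.startswith("__Secure-") and not secure:
        issues.append("__Secure- prefix requires Secure")
    return name, issues


def audit_cookies(header_values, served_over_https=True):
    """Audit a list of Set-Cookie values; returns {name: [issues]}."""
    return dict(audit_cookie(h, served_over_https) for h in header_values)


# Constructed sample Set-Cookie values for the example.
SAMPLE_SET_COOKIES = [
    "PHPSESSID=ab12cd34; Path=/",
    "auth=tok123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "tracker=1; Path=/; SameSite=None",
    "__Host-csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for name, issues in audit_cookies(SAMPLE_SET_COOKIES).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

A cookie that client-side script legitimately needs to read cannot carry HttpOnly, so treat that finding as a prompt to confirm the cookie holds nothing session-bearing rather than as an automatic failure.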

Crawling Performance

This is a table with information on crawling performance, such as Parsing Source, Crawled Link Count, Total Response Time, and Average Response Time. Links can be detected by the following sources in Netsparker:

  • Start Link: This is the link that is entered by the user to initialize the scan.
  • Text Parser: These are links identified by the text parser while parsing the responses’ source code.
  • Text Parser Form: These are links identified through HTML forms to which the forms are submitted.
  • XML HTTP Request (XmlHttpRequest): These are links identified as AJAX requests.
  • Related Link: These are links identified by the scanner through analysis of other crawled links.
  • Directory Resource: These are links identified by the Common Files and Directories checks, which look for hidden resources that should not be accessible by the public.
  • Unspecified: These are links for which the scanner could not determine the Parsing Source.
  • ASP.NET Project Importer: These are links identified from the ASP.NET Project (*.csproj or *.vbproj) file.
  • Backup Resource: These are links identified by the Backup Modifier, which tries to find backup (*.bak) files.
  • Burp Importer: These are links identified from the Burp log file.
  • CSV Importer: These are links identified from comma-separated values.
  • DOM Parser: These are links identified by the DOM Parser, which parses html or xml files.
  • DOM Parser Extracted Resource: These are links identified by the DOM Parser Extracted Resource, which extracts resources like image and frame.
  • DOM Parser Navigate: These are links identified by the DOM Parser Navigate, which intercepts a navigate call.
  • DOM Parser New Window: These are links identified by the DOM Parser, which intercept a new window call.
  • .DS_Store Modifier: These are links identified from the .DS_Store file.
  • Fiddler Importer: These are links identified from the Fiddler Session Archive (*.saz) file.
  • Form Authentication Sequence: These are links discovered while performing form authentication requests.
  • HTTP Archive Importer: These are links identified from the HTTP Archive (*.har) file.
  • HTTP Request Importer: These are links identified by parsing sources.
  • I/O Docs Importer: These are links identified from the I/O Docs (*.json) file.
  • Link Importer: These are links identified using the Link Importer tool of the scanner.
  • Mod Negotiation Resource: These are links identified from content negotiation provided by the mod_negotiation module.
  • Netsparker Session Importer: These are links identified from the Netsparker Session (*.nss) file.
  • OWASP ZAP Importer: These are links identified from the OWASP ZAP (formerly Paros) file.
  • Postman Importer: These are links identified from the Postman file.
  • Proxy: These are links crawled using the proxy (Manual Crawling) feature.
  • RAML Importer: These are links identified from the RESTful API Modeling Language (*.raml) file.
  • Resource Finder: These are links identified by brute-forcing hidden resource names.
  • Robots.txt Sitemap: These are links identified from robots.txt or sitemap.xml files.
  • SOAP Web Service Parser: These are links identified by the SOAP Web Service parser.
  • Swagger Importer: These are links identified from the OpenAPI (formerly Swagger) (*.json, *.yaml, *.yml) file.
  • WADL Importer: These are links identified from the Web Application Description Language (*.wadl) file.
  • WordPress Importer: These are links identified from the WordPress REST API (*.json) file.
  • WSDL Importer: These are links identified from the Web Services Description Language (*.wsdl) file.

CSS Files

This is a list of CSS Files found in the target application. Modern web applications have dynamic CSS files (ones that accept input from other sources and variables) so they can also be an attack vector. Even though Netsparker automatically scans target web applications for potential vulnerabilities in CSS files, this list is useful for users who need to manually analyze them.

This is sometimes referred to as the Client CSS File List.

Email Addresses

This is a list of email addresses found in the target application. Although having clear text email addresses on a website is not a vulnerability in itself, it is good to know what email addresses are published on the website.

Embedded Objects

This is a list of all the embedded objects such as Flash files or ActiveX components that were discovered in the target web application, and their location.

External CSS Files

This is a list of all the external CSS files the target website uses. This is for information purposes only.

External Frames

This is a list of frames found in the target application that originate from an external source. Similar to external scripts, external frames may be the result of an already hacked website. This is why it is good for security professionals to know about all the external objects in a web application.

External Scripts

This is a list of external scripts found in the target application. An external script from a non-trusted source should be considered a security risk, since it might be tampered by someone else to execute malicious JavaScript on the target web application. Such tampering might result in a stored or permanent Cross-site Scripting vulnerability.

Information in this knowledge base node can also help users determine whether the target web application has already been hacked; for example, whether malware is being distributed via an injected script. All (un)trusted third party scripts used in your web application are also listed in this knowledge base node.

File Extensions

This is a list of file extensions found in the target applications. Under each extension, it will also list all the files with that extension. This information helps security professionals determine what is being served from the target web application.

Google Web Toolkit

This is a list of any GWT-RPC requests that are identified during a scan. When such requests are identified it means that a web application built with Google Web Toolkit is running on the target server.

They are sometimes referred to as GWT Requests.

Incremental Scan

This is a list of all the new links found during incremental scans, allowing you to identify newly-added pages.

See How to Run an Incremental Scan in Netsparker Standard.

Interesting Headers

This is a list of all the unusual or customized HTTP headers encountered during a security scan of the target web application. This information is very useful for quality assurance teams. It can lead them to discover any legacy or unused components that are still being called because some unused code is still enabled in the system.

This information can also help security professionals uncover more information about the target web application and the environment it is running in. For example, they can find out if a load balancer or web application firewall is in use, or determine the version of some of the server components to enable more targeted testing.

This is sometimes referred to as the Custom Header List.

JavaScript Files

This is a list of JavaScript files found in the target application. Security professionals can refer to this centralized list of information to check that all JavaScripts on the target website are secure and are being used appropriately. This avoids the risk of neglecting to find some during a manual check.

This is sometimes referred to as the Client Script List.

MIME Types

This is a list of MIME Types found in the target application. Under each MIME type, Netsparker also lists all the files with that MIME type. This information is very useful in case further manual testing is required. It also helps security professionals spot any unusual files or types served by the server which could indicate a successful hack.

Not Founds

This is a list of all the web pages that return a 404 error. This is used to inform users that these pages are not reachable and therefore cannot be scanned.

Out of Scope Links

This is a list of all Out of Scope Links, both uncrawled and unattacked. From this knowledge base node, users can determine what was not scanned and why, to enable them to fine tune their security scan settings should they wish to also scan these links.

Proofs

This is a list of all the data that is extracted as a Proof when exploiting a vulnerability: Identified Database Version, Identified Database Name and Identified Database User. This data could contain the username and database name for a SQL Injection, or the content of a file for a local file injection for example. From this node, you can discover how much potentially sensitive information the scanner was able to extract automatically for demonstration purposes.

REST APIs

This is a list of a REST API or RESTful web services that are identified in a scan. Netsparker automatically crawls and scans the RESTful Web service.

See Finding Vulnerabilities in RESTful Web Services Automatically with a Web Security Scanner.

Scan Performance

This is a table with information on scan performance, such as source, request count, total response time, and average response time.

See Scan Performance Upgrades.

Site Profile

This is a table with site profile information about the technologies used in the target website, such as JavaScript Libraries, Database Server and Operating System.

Slowest Pages

This is a table listing the top ten slowest pages by URL and Response Time. In this knowledge base node, the average response time of the target web application is displayed together with all the pages with highest response time. Pages that are slow to load do not pose any security threat, but there is a reason why they are taking longer to load. It could be caused by errors or inefficiencies in the code, so it is still worth knowing about them for troubleshooting purposes.

This is sometimes referred to as the Top Response Times List.

SSL

This is a list of the information about the SSL certificate used in the target website, and the protocols and ciphers that are supported by the target server. Recently, there have been a number of issues with old ciphers and protocols, so it is good to know what the target web application supports, so you can fine tune the server's configuration.

This is sometimes referred to as the SSL Knowledge Base Provider.

URL Rewrite

This node contains tables with information on the URL Rewrite settings and the URL Rewrite rules matched in the target application. Netsparker scanners automatically configure their own URL rewrite rules when scanning a website that uses URL rewrites, so you do not have to manually configure them. If you need to verify the rules, or get a better understanding of the workings and setup of the target web application, check the rules that the scanner automatically configured.

See URL Rewrite Rules.

Web Pages With Inputs

This is a list of form inputs found in the target application. This list can be used by developers and quality assurance members for further manual testing. Security professionals find such information useful too, since it gives them a better overview of the attack surfaces of a web application.

It is sometimes referred to as the Form Inputs List.

Web Services (SOAP)

This is a list of SOAP Web Services found in the target application, with details on the operations and parameters of each.

Netsparker Assistant

Netsparker Assistant is a smart scan assistant that guides you through a scan, detecting and displaying details of scan configuration anomalies, and enabling you to change and optimize the current configuration. The Netsparker Assistant panel is displayed on the Netsparker Standard window along with the Knowledge Base.

You can switch between viewing the Knowledge Base and Netsparker Assistant panels by clicking the relevant tab.

For further information, see Netsparker Assistant.

How to View the Scan Summary Dashboard in Netsparker Standard

  1. Open Netsparker Standard.
  2. Load a previous scan or launch a new scan.
  3. Click the View tab. The Dashboard is displayed, showing the default panels: Sitemap, Dashboard, the Central Panel, Logs, Issues and Knowledge Base.

For further information, see Panels in the Scan Summary Dashboard.
