Navigation in Netsparker

Description

Websites

From this menu, you can view the Dashboards for an overview of the security state of all your web applications. You can also add, import, and manage websites, add and manage website Groups.

For further information, see Introduction to the Dashboards.

Scans

From this menu, you can add and manage new Scans and Group Scans, and view and manage Recent Scans.

Scheduling

From this menu, you can schedule individual Scans and Group Scans, and display all your scheduled Scans.

Reporting

From this menu, you can set reporting details, and view chart reports.

Issues

From this menu, you can view all your Issues, those that are addressed, those that are waiting for a retest, and those still to be addressed.

For further information, see Viewing Issues in Netsparker Enterprise.

Policies

From this menu, you can create, clone and optimize new Scan Policies, and create Report Policies.

Notifications

From this menu, you can create new Notifications, edit, clone, and delete Notifications, simulate Notification events, and prioritise Notification scopes.

For further information, see Managing Notifications.

Integrations

From this menu, you can select a system to integrate with Netsparker, create a new Integration, match usernames between systems, and clone, edit or delete User Mappings.

For further information, see What Systems Does Netsparker Integrate With?

Team

From this menu, you can add new Team Members, send invitations to others to join, select their permission levels, and place them into a Group.

For further information, see Managing Team Members in Netsparker Enterprise.

Activity

From this menu, you can view the activity logs of Users.

Agents

From this menu, you can configure and disable New Agents, and edit and delete New Agent Groups.

This menu is only available in the Netsparker Enterprise On-Premises edition.

Your Account

From this menu, you can update your account Settings, change your Password, reset your API Token, activate Two-factor Authentication, and view your Account License details.

For further information, see Managing Your Account Settings.

Settings

From this menu, you can check general Settings options, configure Single Sign-On details, and enable IP Address Restrictions.

The following additional settings are available in the Netsparker Enterprise On-Premises edition only: Security, Database, Email, SMS, Service Credentials, Cloud Provider, Authentication Verifier, and Licensing.

For further information, see Overview of Settings in Netsparker Enterprise.

Click here to sign out of Netsparker Enterprise.

Description

New

Click to Start a New Scan.

Import

Click  to Import a Netsparker Session File.

Export

Click to Export your current Netsparker scan as a Netsparker Sessions file.

Dropdown Arrow

Click to show or hide the above options in the Quick Access Toolbar.

Description

File

From this tab, you can can import Local Scans saved in your PC, or import a scan file from a disc or other device. You can also export Scans to a file on your PC or elsewhere. You can also find out information About Netsparker, and Exit Netsparker Standard.

Home

From this tab, you can perform all the main Netsparker Standard functions:

• Start Scan – Start a New scan, Schedule a scan, start an Incremental scan, Schedule Incremental scans, or open a New Instance of Netsparker Standard in another window for multiple scans
• Post Scan – Rest All scans, or launch a Netsparker Hawk Check
• Scan Session – Import to Netsparker Standard, Export from Netsparker Standard, or Export To Cloud from Standard
• Tools – Use the Scan Policy Editor and Report Policy Editor, or access further Options

View

From this tab you can display or hide the panes in the window for completed scans:

• Activity/Scan – Displays information about a scan in progress (see Central Pane)
  • Request Speed – Displays the number of concurrent connections for attacking and crawling operations separately
  • Attack Progress – Displays the current percentage of the Completed Requests against Remaining Request Possibilities
  • Total Links – Displays the number of Total Links scanned
  • Failed Requests – Displays the total number of Failed Requests in the scan
  • Responses – Displays the total number of Responses in the scan
  • Head Requests – Displays the total number of Head Requests in the scan
  • Total Requests – Displays the Total Requests in the scan
  • Elapsed Time – Displays the Elapsed Time from the scan
  • Start Time – Displays the start date and time of the scan’s Start Time
• HTTP Request / Response – Displays the Request and Response of a selected item (see Central Pane)
• Knowledge Base Viewer – Displays the Knowledge Base with a search and save box (see Knowledge Base)
• Attack Radar – Displays the ongoing progress of each security check during a scanning (see Central Pane)
• Execute SQL Commands – Run manual SQL queries to verify vulnerabilities
• Get Shell – Run commands on a shell on the target application
• Exploit LFI – Read contents of files on the target machine
• Exploit Short Names – Define path to be exploited and display results
• Controlled Scan – Displays the Controlled Scan panel with scan parameters and security tests (see Creating a Controlled Scan)
• Logs – Displays a list of all scanning actions (see Logs)
• Sitemap – Displays a list of all scanned files and directories (see Sitemap)
• Issues – Displays a list of vulnerabilities found in the scan (see Issues)
• Knowledge Base – Displays a list of additional items about the scan (see Knowledge Base)
• Progress – Displays the request speed and scan progress
• Request Builder – Enables you to work with HTTP requests
• Encoder – Displays the Encoder panel to encode and decode text from/to various formats
• Reset Layout – Resets current layout to the default one

Reporting

From this tab, you can download reports in various formats:

• Detailed
• Miscellaneous
• Lists

For further information, see Report Templates and Lists.

Help

From this tab, you can access Netsparker's technical help. This help can come in the form of:

• Documentation: Extensibility, Reporting and Form Authentication APIs, Support, and access to Netsparker's technical Support
• Application – From here you can check if a new version or update of Netsparker or Netsparker's vulnerability database has been released, and manage your Netsparker subscription.

Link

From this tab, you can view further scanning options.

• Tools:
  • Run Controlled Scans
  • Select Send to Request Builder to create or modify imported HTTP requests, send them to the target, and analyze the HTTP responses sent back
  • Go to Identification Page
• Copy URL or Copy as cURL
• Open in Browser

Vulnerability

Once you click on an Issue, this tab opens Tools and Send To options.

• Tools:
  • Retest a single vulnerability
  • Copy as cURL
  • Generate Exploit for CSRF and XSS vulnerabilities
  • Execute SQL Commands to run manual SQL queries to verify vulnerabilities
  • Get Shell to run commands on a shell on the target application
  • Exploit LFI to read contents of files on the target machine
  • Exploit Short Names to define path to be exploited and display results
  • Ignore from this Scan to ignore selected vulnerabilities
• Send To – Configure Send To Actions