Netsparker Assistant

Netsparker Assistant in Netsparker Standard is a smart scan assistant that guides you through a scan. Its main role is to detect scan configuration anomalies and provide you with detailed information, displayed in the Netsparker Assistant notification panel, so that you can change those configurations. Most notifications contain action buttons to enable you to navigate through related scan settings or to fix the issue right away on demand.

In addition, Netsparker Assistant also incorporates a real-time implementation of the Scan Policy Optimizer, which iteratively creates an optimized version of the current Scan Policy as it detects technologies on the target website. By default, this real-time optimizer notifies you when an optimized policy is created by Netsparker Assistant, at which point you can switch to the optimized policy.

Configuring Netsparker Assistant

You can both enable and set the Notification Level for Netsparker Assistant from Options.

Notification Levels

This table lists and describes the Notification Levels in Netsparker Assistant. Each successive level includes those below it.

| Field | Description |
| --- | --- |
| Error | This is a severe situation that may prevent Netsparker from performing in the optimal way. |
| Warning | This generally indicates a misconfigured scan setting that may result in a reduction in scan coverage. |
| Best Practice | This is a strongly recommended scan or application configuration change that may improve the overall Netsparker experience. |
| Questions | This is a mild direction on any scan-related parameter or configuration, expressed as a question. |
| Information | This is an informational feedback message about an occurring event that is worth mentioning. |

How to Configure Netsparker Assistant

  1. Open Netsparker Standard.
  2. In the Home tab, click Options. The Options dialog is displayed.
  3. In the Options menu, select Netsparker Assistant. The Netsparker Assistant and Assistant Optimizer panels are displayed.

  4. In the Netsparker Assistant panel, uncheck the Enable Netsparker Assistant checkbox to disable Netsparker Assistant.
  5. Configure the Notification Level slider as required. Configuring this slider will limit the Netsparker Assistant notifications to the lowest notification level set. For example, you won't receive any Information level notifications when the slider is set to ‘Best Practice, Warning, Error’. (For further information on this, see Netsparker Assistant Notification Levels.)
  6. Click Save.

Viewing and Using Netsparker Assistant

The Netsparker Assistant panel is displayed on the right-hand side of the Netsparker Standard window.

How to View the Netsparker Assistant Panel

  1. Open Netsparker Standard.
  2. While a scan is running, on the top right of the title bar click the Netsparker Assistant flag icon. The Knowledge Base panel is hidden, and the Netsparker Assistant panel is displayed in its place.
  3. As scan configuration issues are detected, they are displayed in the Netsparker Assistant panel, and the title bar icon changes colour and displays the number of issues.
  4. Click the Close icon to close the Netsparker Assistant panel. Click the title bar's Netsparker Assistant flag icon to display it again.

How to Use Netsparker Assistant to Change Configurations

  1. While a scan is running, detected scan configuration anomalies are displayed in the Netsparker Assistant panel. (In the first item in this sample screenshot, 'Maximum Signature Exceeded', there are two buttons, representing two possible configuration changes: Increase Maximum and Set up Parameter Based Navigation.)

  2. In this example, clicking on Set up Parameter Based Navigation opens the Scan Policy Editor dialog at Parameter-Based Navigation.
  3. Configure the settings as required.

Configuring the Assistant Optimizer

Netsparker Assistant may need to modify or alter your current Scan Policy in order to fix detected scan configuration anomalies. This optimization is an iterative process. When Netsparker Assistant determines that the current Scan Policy requires optimization, it will continue to optimize and improve the policy.

Netsparker Assistant will create a copy of the currently selected Scan Policy and rename it according to the change it recommends:

  • When you take an automatic action on a notification, you will notice '(Adjusted by Assistant)' is appended to the name of the policy.
  • Likewise, the Assistant Optimizer will clone the policy and append its name with '(Optimized by Assistant)'.
  • By design, Netsparker Assistant avoids creating too many Scan Policies. During a scan session, Netsparker Assistant uses a single Scan Policy. When a Scan Policy is optimized and then adjusted by the Assistant Optimizer, you will notice that the separate changes are merged into, and handled by, a single Scan Policy, whose name is appended with '(Optimized and Adjusted by Assistant)'.

Netsparker Assistant gathers the detected technologies from the Signatures security check, configured in the Scan Policy Editor, until it decides the gathered data is enough to trigger an optimization iteration. It then optimizes the current Scan Policy.

At some later point of the Attacking phase, an SQL Injection check detects the database server on which the target website is running. At this point, Netsparker Assistant will be updated and run a second iteration of optimization.

If Netsparker has already switched to the optimized policy in the first iteration, this second iteration of the optimization won't take effect in the current scan session. These changes will only take effect in a new scan.

For best results, we recommend that you do both actions before running a scan:

  • Configure the Assistant Optimizer
  • Configure the Signatures security check group

For further information, see How to Configure the Netsparker Assistant Scan Policy Optimizer.

How to Configure the Netsparker Assistant Scan Policy Optimizer

  1. Open Netsparker Standard.
  2. In the Home tab, click Options. The Options dialog is displayed.
  3. In the Options menu, select Netsparker Assistant. The Netsparker Assistant and Assistant Optimizer panels are displayed.
  4. Check the Enable Assistant Scan Policy Optimizer option.
  5. Enable the Auto switch to optimized Scan Policy option.

  6. Click Save.

Disabling Netsparker Assistant will also disable the Assistant Optimizer, regardless of the Assistant Optimizer's configured settings.

How to Configure the Signatures Security Check Group

  1. Open the Scan Policy Editor.
  2. Follow the instructions in How to Configure a New Scan Policy in Netsparker Standard.
  3. Enable the Signatures security check. 

Assistant Optimizer uses any technologies detected by the Signatures check (and SQL Injection checks) to optimize your Scan Policy. These detected technologies can be viewed in the Site Profile node of the Knowledge Base.
