Glossary

In this glossary, you can find an explanation of commonly used terms in Netsparker.

Account Owner

This is the user that has all the permissions in a Netsparker Enterprise account.

Addressed Issue

This is an issue that has been addressed and whose state has been updated.

Agent

  • Scan Agent: This lets you scan your website. The agent will conduct the actual scan job and then report the results back to Netsparker Enterprise. For further information, see Installing Internal Agents.
  • Authentication Verifier Agent: This carries out the form authentication so that you can run an authenticated scan in your network. For further information, see Authentication Verifier for Internal Agents.

Agent Mode

This displays whether the agent is a scan agent or an authentication verifier agent.

Application and Service Discovery

This service enables you to become aware of an enterprise's online assets, web applications, and services.

Authentication Profiles

This lets you save a custom script for form authentication in Netsparker and use it many times for different websites. When configured, Netsparker uses this custom script to authenticate itself against the target website. For further information, see Authentication Profiles.

Bi-directional Integration (2-way sync)

This is an integration method that helps Netsparker and an issue tracker system to synchronize issues between the applications. For further information, see Integrations.

Certainty Percentage

This is the likelihood that the reported vulnerability is actually present.

Classification

Netsparker classifies vulnerabilities in various standards like CWE, CVSS, PCI, and HIPAA.

Confirmation

This indicates that Netsparker is 100% certain about an issue identified. Netsparker verifies vulnerabilities by exploiting them in a read-only and safe manner. For further information, see Proof-Based Scanning.

Controlled Scan

This is an attack method that can be used to scan a link with selected parameters and engines.

Heuristic Web Vulnerability Scanner

Netsparker is a heuristic scanner and does not use a signature database as traditional antivirus software does. So, it’s able to identify zero-day vulnerabilities in any type of custom web application. For further information, see the Advantage of Heuristic over Signature Based Web Vulnerability Scanners.

Incremental Scan

This allows scanning of newly introduced and amended pages since the initial scan. Netsparker also checks whether the vulnerabilities identified previously still exist.

Issue

This is a vulnerability identified by Netsparker.

Link

This is an HTTP request from Netsparker's point of view. It can be a web page, the submit button at the end of a form, or an AJAX request.

Link Pool

This is the pool where Netsparker collects all links while crawling the web application or website. Netsparker also uses this link pool to attack these links to identify vulnerabilities.

Manual Crawling

This is a process that is used to scan parts of a web application that cannot be crawled automatically. This feature also lets you scan mobile web applications and native desktop applications. For further information, see Manual Crawling in Proxy Mode.

Netsparker Hawk

This lets Netsparker detect out-of-band vulnerabilities. For further information, see How Netsparker Hawk Finds Vulnerabilities.

Netsparker Shark (IAST)

This adds interactive security scanning (IAST) capabilities to Netsparker Enterprise. For further information, see Deploying Netsparker Shark.

Notification

This lets you and your users be informed immediately about the status of a web application security scan or when specific vulnerabilities are detected by it. For further information, see Notifications.

Proof-Based Scanning™

Netsparker's Proof-Based Scanning technology actively and automatically verifies detected vulnerabilities, confirming that they are real and not false positives, by exploiting them in a read-only and safe manner.

It's completely safe. For example, when exploiting a SQL injection vulnerability and generating a proof of exploit for it, the scanners only try to read data from the database, never to write to it or delete data from it.

Proof of Concept

Proof of Concept is the actual exploit that proves that the vulnerability exists. For example, after exploiting a cross-site scripting (XSS) vulnerability, Netsparker will report the payload that was used to inject code. Apart from providing evidence of the vulnerability, a proof of concept can also help developers isolate the exact issue that made exploitation possible.

Proof of Exploit

A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, demonstrating the impact an exploited vulnerability can have and proving that it is not a false positive.

Netsparker scanners can generate proof when they identify the following vulnerability types:

  • SQL Injection
  • Boolean SQL Injection
  • Blind SQL Injection
  • Remote File Inclusion (RFI)
  • Command Injection
  • Blind Command Injection
  • XML External Entity (XXE) Injection
  • Remote Code Evaluation
  • Local File Inclusion (LFI)
  • Server-side Template Injection
  • Remote Code Execution
  • Injection via Local File Inclusion

Report Policy

This is a list of reporting settings for web security scan results and reports. For further information, see Overview of Report Policies.

Request Builder

Netsparker allows you to work with HTTP requests. Thanks to the request builder, you can, for example, craft your own HTTP requests, send requests to targets, and modify the imported HTTP requests. For further information, see HTTP Request Builder.

Resource Finder

This is a feature of Netsparker that checks for files and folders that can lead to security risks even when they are not linked from the web application. These can be, for example, admin or login pages, or backup files.

Retest

This allows you to rescan the vulnerable pages after a fix has been applied.

Role

This allows you to determine what kind of responsibilities a team member has within Netsparker Enterprise. For further information, see Managing Roles in Netsparker Enterprise.

Severity

This shows the importance of the vulnerability identified. For further information, see Vulnerability Severity Levels.

Scheduled Scans

This lets you schedule scans in advance. You can schedule full, incremental, and group scans. For further information, see Scheduling Scans.

Scan Groups

This lets you create a scan group based on your scan configuration, even when the scans target the same host/domain name. You can then view relevant dashboards, issue trends, etc. based on the scan group you selected. For further information, see Scan Groups in Netsparker Enterprise.

Scan Policy

This is a list of web application security scan settings. When you want to run a Scan, you attach it to a Scan Policy. For further information, see Overview of Scan Policies.

Scan Policy Optimizer

This is a built-in wizard that helps you narrow down the security checks that will be run against your web application. Thanks to the optimizer, you can tweak the scanner to only run, for instance, Apache-related security checks while ignoring IIS-related checks. For further information, see Scan Policy Optimizer.

Scan Profile

This lets you save scan settings for future scans. Scan Profiles can be reconfigured at any time. For further information, see Scan Profiles.

Scan Scope

This allows you to define which parts of the target web application should be crawled. For further information, see Scan Scope.

Target URL

This is the target URL of the website, including the path.

Technical Contact

This is the person who is responsible for the website or vulnerability.

Trend Matrix

This provides correlated, trending data about the status of those vulnerabilities identified in your web application across several scans. For further information, see Trend Matrix Report.

Website

A website is defined in Netsparker as a fully qualified domain name (FQDN). An FQDN is the complete domain name for a specific target and consists of two parts: the hostname and the domain name.

The examples below are considered to be one website because they share the same FQDN.

  • http://example.com
  • https://example.com
  • http://www.example.com
  • http://www.example.com/test

Subdomains and ports share the same FQDN but are considered to be different websites. For example:

  • http://example.com
  • http://test.example.com
  • http://example.com:81
  • http://api.example.com

Website Groups

Netsparker lets you group websites to ease the management of multiple websites and scans. Grouping websites is also important for the multiple team feature in Netsparker, as you can assign a team or members only to website groups. For further information, see Website Groups in Netsparker Enterprise.

Vulnerability Database

This is the database Netsparker relies on to report known technologies, their versions, and their vulnerabilities. The database is periodically updated. For further information, see the Vulnerability Database.