Overview of Report Policies

A report policy is a list of reporting settings for web security scan results and reports.

When you run a scan, you attach a report policy to it. While the scan policy determines which checks Netsparker runs, the report policy determines how the results are reported. For example, if you lower the severity level of SQL Injection to Best Practice in a report policy, a critical security issue in your web application may go unnoticed in the report.

With a report policy, you can do the following:

  • Specify which detected vulnerabilities Netsparker should report in the Scan Results.
  • Change the Severity level, the visibility, and the classification properties of a vulnerability.

A Custom Report Policy enables you to configure these settings, including how the web security scanner displays its findings in the Netsparker application and in reports. (If you want to enable or disable specific security checks in the actual scan itself, you should configure a Scan Policy instead.)

While you can create your own report policy in line with your requirements, you can also rely on Netsparker's built-in Report Policy, the Default Report Policy. It is read-only and provides the default settings for your custom Report Policies. You can clone existing Report Policies or create new ones, and then modify the new custom Report Policy to suit your requirements.

For creating your own report policy, see Custom Report Policies.

When you exclude the SQL Injection vulnerability from a Report Policy and run a report, the scanner will still check whether the target web application is vulnerable to SQL Injection. However, if it detects one, it won’t report it in the scan results: the Report Policy only hides the finding.
If you later generate a report from the same scan with the Default Report Policy, in which the SQL Injection vulnerability is included, the identified SQL Injection vulnerability will be listed in the report.
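The following added example (illustrative code, not Netsparker's own implementation or API) models the behaviour described above: a report policy is applied to unchanged scan results at report time, so a finding hidden or downgraded by one policy reappears when the same scan is reported with the Default Report Policy. The findings, the policy class and the `policy_audit` check that flags hidden or downgraded high-severity findings are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Constructed sample scan results in the shape a scanner might emit.
# These are illustrative records, not Netsparker output.
SCAN_RESULTS: List[Dict[str, str]] = [
    {"id": "f1", "type": "SQL Injection", "severity": "Critical",
     "url": "https://app.example.test/login"},
    {"id": "f2", "type": "Cross-site Scripting", "severity": "High",
     "url": "https://app.example.test/search"},
    {"id": "f3", "type": "Missing X-Frame-Options Header", "severity": "Best Practice",
     "url": "https://app.example.test/"},
]

# Ordering used to compare severity labels (assumed scale for this example).
SEVERITY_RANK = {"Best Practice": 0, "Information": 1, "Low": 2,
                 "Medium": 3, "High": 4, "Critical": 5}


@dataclass(frozen=True)
class ReportPolicy:
    """Hypothetical model of a report policy: which vulnerability types are
    hidden from the report and which get a different severity label."""
    name: str
    hidden_types: FrozenSet[str] = frozenset()
    severity_overrides: Dict[str, str] = field(default_factory=dict)


# Read-only baseline: nothing hidden, no severity overrides.
DEFAULT_REPORT_POLICY = ReportPolicy(name="Default Report Policy")


def apply_report_policy(scan_results, policy):
    """Produce the report view of `scan_results` under `policy`.

    The scan results are never modified; the policy only filters and
    relabels a copy at report time, so a finding hidden by one policy
    reappears when the same scan is reported with another.
    """
    report = []
    for finding in scan_results:
        if finding["type"] in policy.hidden_types:
            continue  # detected by the scan, simply not shown in this report
        shown = dict(finding)
        shown["severity"] = policy.severity_overrides.get(
            finding["type"], finding["severity"])
        report.append(shown)
    return report


def policy_audit(scan_results, policy, floor="High"):
    """List findings at or above `floor` severity that this policy hides or
    downgrades below the floor. An empty list means the policy does not
    mask anything important in this scan."""
    masked = []
    for finding in scan_results:
        if SEVERITY_RANK[finding["severity"]] < SEVERITY_RANK[floor]:
            continue
        if finding["type"] in policy.hidden_types:
            masked.append((finding["id"], "hidden"))
            continue
        shown = policy.severity_overrides.get(finding["type"], finding["severity"])
        if SEVERITY_RANK[shown] < SEVERITY_RANK[floor]:
            masked.append((finding["id"], f"downgraded to {shown}"))
    return masked


if __name__ == "__main__":
    hide_sqli = ReportPolicy(name="Hide SQLi",
                             hidden_types=frozenset({"SQL Injection"}))
    downgrade_sqli = ReportPolicy(name="SQLi as Best Practice",
                                  severity_overrides={"SQL Injection": "Best Practice"})
    for pol in (hide_sqli, downgrade_sqli, DEFAULT_REPORT_POLICY):
        shown = [(f["type"], f["severity"]) for f in apply_report_policy(SCAN_RESULTS, pol)]
        print(pol.name, "->", shown)
        print("  masked high-severity findings:", policy_audit(SCAN_RESULTS, pol))
```

Running the block reports the same three findings three ways: the hiding policy drops the SQL Injection, the downgrading policy keeps it but labels it Best Practice, and the default policy shows it as Critical. `policy_audit` is the check worth running before a custom policy is shared with a team, since it surfaces exactly the findings a policy would keep out of sight.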

Report Policies Fields

This table lists and explains the fields in the New Report Policy window in Netsparker Enterprise.

Button/Section/Field   Description
Name                   Enter a friendly name for the Report Policy.
Description            Enter a simple description that will help you remember what it is for.
Shared                 Select this checkbox to share your Report Policy with other team members.

How to View Report Policies in Netsparker Enterprise

  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Policies > Report Policies.

From this page, you can view, clone, edit or delete any listed policy. Admin users with permission can manage their team members' Report Policies. This means that if a Report Policy is private but belongs to a member of your team, you can still view, edit, delete and clone that policy.

How to View Report Policies in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, select Report Policy Editor.

From this window, you can view, clone, edit or delete any listed policy, or add a new one.