After a scan is completed, you can view both an Executive Summary and a Technical Report of the scan's findings.
They display information about the number, severity and types of vulnerabilities detected, the impact they could have, and where they exist on the site.
For further information, see Integrating Netsparker Enterprise With an Issue Tracking System and Vulnerability Severity Levels.
Vulnerability Families is a feature that enables Netsparker to avoid reporting similar vulnerabilities in the same URL. Similar vulnerabilities are arranged into groups called ‘families', in which vulnerabilities are prioritised based on their exploitability. (Previously, for example, Error-based, Blind and Boolean-based SQL injections in the same URL would have been counted as separate occurrences and therefore reported as separate vulnerabilities).
In a family, vulnerabilities are prioritized based on their exploitability. If an endpoint is vulnerable to similar versions of the same vulnerability, only the most relevant and easy to exploit vulnerability will be reported. This makes scan reports more simple, accurate and relevant.
How to Review Scan Results and Imported Vulnerabilities
If the vulnerability has already been automatically created in your issue tracking system (because it meets the criteria configured in Configuring Endpoint Integration), the issue number will be displayed as illustrated.
Once you have configured the integration, a new Send To button is added to every reported vulnerability listed in the scan results. This enables you to send the vulnerability to any of the integrated projects.
You can view the details saved in your issue tracking system by clicking on the issue number.
Sending Vulnerabilities Manually to an Issue Tracking System
Not every vulnerability is created in your issue tracking system, because not every vulnerability will meet the configured criteria. You can send multiple vulnerabilities manually to your issue tracking system.
How to Send Vulnerabilities Manually to an Issue Tracking System
- From the Scans menu, click Recent Scans.
- Next to the relevant scan, click Report.
- In the Technical Report section, click Send To, and from the dropdown, select the relevant project.
- Once the issue is imported into your issue tracking system, you will be notified by Netsparker Enterprise. This notification will include the issue number, as illustrated.
How to Send Multiple Vulnerabilities Manually to an Issue Tracking System
If you send an Issue that has already been sent by someone else, or created automatically in JIRA, Netsparker Enterprise will not create a duplicate entry.
- From the main menu, click Issues, then To Do.
- Check the checkbox for each issue you want to send.
- Click Send To and from the dropdown, select the relevant project.
- The issues are imported into your issue tracking system.
For more information on managing issues in Netsparker Enterprise refer to Using the Netsparker Enterprise Web Vulnerability Tracking System.
Tracking and Logs of Issues Sent to Issue Tracking System
When a vulnerability is sent to your issue tracking system, Netsparker Enterprise creates a record in the Issue’s history, as illustrated.
In our example, there are two records related to the integration:
- One of them was sent manually by a user (username: 'Jira User')
- The other log entry was generated when the issue was automatically sent via the configured Notification we created before (username: 'System')