Contact Support


Reviewing Scan Results and Imported Vulnerabilities

After a scan is completed, you can view both a Scan Summary and a Technical Report of the scan's findings.

Sending a vulnerability to JIRA

They display information about the number, severity and types of vulnerabilities detected, the impact they could have, and where they exist on the site.

For further information, see Integrating Netsparker Enterprise With an Issue Tracking System and Vulnerability Severity Levels.

Vulnerability Families

Vulnerability Families is a feature that enables Netsparker to avoid reporting similar vulnerabilities in the same URL. Similar vulnerabilities are arranged into groups called ‘families', in which vulnerabilities are prioritised based on their exploitability. (Previously, for example, Error-based, Blind and Boolean-based SQL injections in the same URL would have been counted as separate occurrences and therefore reported as separate vulnerabilities).

Vulnerability FamiliesIn a family, vulnerabilities are prioritized based on their exploitability. If an endpoint is vulnerable to similar versions of the same vulnerability, only the most relevant and easy to exploit vulnerability will be reported. This makes scan reports more simple, accurate and relevant.

Vulnerability Families Exploitability

How to Review Scan Results and Imported Vulnerabilities

If the vulnerability has already been automatically created in your issue tracking system (because it meets the criteria configured in Configuring Endpoint Integration), the issue number will be displayed as illustrated.

Once you have configured the integration, a new Send To button is added to every reported vulnerability listed in the scan results. This enables you to send the vulnerability to any of the integrated projects.

You can view the details saved in your issue tracking system by clicking on the issue number.

Sending Vulnerabilities Manually to an Issue Tracking System

Not every vulnerability is created in your issue tracking system, because not every vulnerability will meet the configured criteria. You can send multiple vulnerabilities manually to your issue tracking system.

How to Send Vulnerabilities Manually to an Issue Tracking System

  1. From the Scans menu, click Recent Scans.
  2. Next to the relevant scan, click Report.
  3. In the Technical Report section, select an issue in the Issues panel that you want to send.
  4. Click Send To, and from the dropdown, select the relevant project.
  5. Once the issue is imported into your issue tracking system, you will be notified by Netsparker Enterprise. This notification will include the issue number, as illustrated.

A confirmation that a vulnerability was successfully sent to JIRA

How to Send Multiple Vulnerabilities Manually to an Issue Tracking System

If you send an Issue that has already been sent by someone else, or created automatically, Netsparker Enterprise will not create a duplicate entry.
  1. From the main menu, click Issues, then To Do.
  2. Check the checkbox for each issue you want to send.
  3. Click Send To and from the dropdown, select the relevant project.
  4. The issues are imported into your issue tracking system.

For more information on managing issues in Netsparker Enterprise refer to Using the Netsparker Enterprise Web Vulnerability Tracking System.

Tracking and Logs of Issues Sent to Issue Tracking System

When a vulnerability is sent to your issue tracking system, Netsparker Enterprise creates a record in the Issue’s history, as illustrated.

A log entry is created when a vulnerability is sent to JIRA

In our example, there are two records related to the integration:

  • One of them was sent manually by a user (username: 'Jira User')
  • The other log entry was generated when the issue was automatically sent via the configured Notification we created before (username: 'System')

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo