

Software Composition Analysis with Netsparker Shark (IAST)

Netsparker Shark (IAST) can analyze your web application's software composition and list all components.

  • More and more web applications rely on third-party components, so your web application's security also depends on the security of these components.
  • However, it takes a lot of time and effort to manually track whether these components have vulnerabilities and whether updates are available to address them.

As a black-box security tool, Netsparker can detect technologies used in your web application. It tracks and reports on problems, such as whether any of the technologies are out-of-date or whether a specific version has any issues.

  • The technology feature relies on HTTP headers and responses, whereas Netsparker Shark (IAST) works inside your application, so it can identify your entire technology stack.
  • It can also detect whether these components are secure by using a vulnerability database.
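
The difference between the two views can be shown with a small comparison. This is an added example, not Netsparker code and not the product's API: the headers, the component list, the package names, the advisory ranges and the placeholder ids are all constructed for illustration and do not describe real vulnerabilities.

```python
import re

# Constructed sample data (not from Netsparker): response headers a black-box
# scanner can observe, and the component list an in-process agent could report.
RESPONSE_HEADERS = {"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4.3"}
IN_PROCESS_COMPONENTS = {"php": "7.4.3", "example-templating": "2.1.0",
                         "example-http-client": "6.3.0", "example-logger": "1.25.1"}
# Constructed advisories: (package, first affected, first fixed, placeholder id)
ADVISORIES = [("example-templating", "2.0.0", "2.1.4", "ADVISORY-PLACEHOLDER-1"),
              ("example-http-client", "6.0.0", "6.2.0", "ADVISORY-PLACEHOLDER-2"),
              ("php", "7.4.0", "7.4.10", "ADVISORY-PLACEHOLDER-3")]

def parse_version(text):
    """Turn '7.4.3' into (7, 4, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", text))

def components_from_headers(headers):
    """Black-box view: only products that announce 'name/version' in a header."""
    found = {}
    for value in headers.values():
        for name, version in re.findall(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)", value):
            found[name.lower()] = version
    return found

def vulnerable(components, advisories):
    """Return {package: [advisory ids]} where introduced <= version < fixed."""
    hits = {}
    for package, introduced, fixed, advisory_id in advisories:
        version = components.get(package)
        if version and parse_version(introduced) <= parse_version(version) < parse_version(fixed):
            hits.setdefault(package, []).append(advisory_id)
    return hits

def compare_views():
    """Findings from each view, plus packages only the in-process view flags."""
    black_box = vulnerable(components_from_headers(RESPONSE_HEADERS), ADVISORIES)
    in_process = vulnerable(IN_PROCESS_COMPONENTS, ADVISORIES)
    return black_box, in_process, sorted(set(in_process) - set(black_box))

if __name__ == "__main__":
    black_box, in_process, missed = compare_views()
    print("header-based findings:", black_box)
    print("in-process findings:  ", in_process)
    print("visible only in-process:", missed)
```

The numeric comparison matters: as plain strings, "7.4.3" would sort after "7.4.10" and the affected range check would miss the component.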

This topic explains how to run software composition analysis with Netsparker Shark (IAST).

Running software composition analysis with Netsparker Shark (IAST)


How to run software composition analysis with Netsparker Shark (IAST)
  1. Open Netsparker Standard.
  2. In the Home tab, select New.
  3. In the Target Website or Web Service URL field, enter the URL of the website you want to scan.
  4. Configure the Scan Policy, Netsparker Standard Scan Options Fields, and Authentication as required.
     Make sure to select Software Composition Analysis from the Security Checks.
  5. Select Start Scan.

When Netsparker scans your web application, it lists all identified vulnerabilities on the Issues panel.

From this panel, you can reach all vulnerable third-party components identified by Netsparker Shark (IAST). You can see the vulnerability details, its impact, remedy, and related information when you select any vulnerability from the Issues panel.

In addition to the Issues panel, you can see the list of all third-party components in the Knowledge Base panel.

Netsparker highlights all out-of-date and vulnerable components in red. It provides the package name, its version, and its vulnerabilities.

