Scan Policy Optimizer

Netsparker has a built-in, wizard-based Scan Policy Optimizer that helps you create a Scan Policy tailored to your target website. Although a well-configured Scan Policy produces faster, more efficient web security scans, few of us have the time to trawl through each individual check and decide which ones to enable or disable.

  • Given the extensive range of security checks in Netsparker, what you configure in the Scan Policy has a direct impact on the duration of the scan. One way to shorten it is to optimize the Scan Policy so that irrelevant security tests are not run during the scan.
  • If you later wish to optimize your Scan Policies manually, you can still do so.

For further information, see Optimize Netsparker Scan Policies for Quicker and More Efficient Web Application Security Scans and Automatically Optimize Scan Policies for More Efficient and Speedy Scans.

Scan Policy Optimization Wizard Steps

The table below lists and explains the steps in the wizard, giving each step's name followed by its description. The wizard is available in both Netsparker Enterprise and Netsparker Standard.

General Information

(Create Optimized Scan Policy in Netsparker Standard)

This step introduces the wizard.

Operating System

This is the operating system on which the target web application is running.

Web Server

This is the web server software on which the target web application is running.

If the web server on which your web application is running is not listed:

  • It can still be scanned
  • There are simply no specific security checks for it (select Other to run the generic security checks)

Application Server

This is the application server (web technology) on which the target web application is built.

If it is built using multiple application servers, select all that apply. If the web technology on which your web application is built is not listed:

  • It can still be scanned
  • There are simply no specific security checks for it (select Other to run the generic security checks)

Database Server

This is the database server that the web application uses.

If multiple database servers are used, select all that apply. If the web application uses a database server that is not listed:

  • It can still be scanned
  • There are simply no specific security checks for it (select Other to run the generic security checks)

Web Application Behavior

This setting controls how Netsparker discovers dynamic links in the web application by simulating various DOM events; the amount of simulation depends on the description you select.

The options are:

  • Little or no dynamic content
  • Moderately sized dynamic web site
  • Complex Single-Page Application

You can configure its settings in the JavaScript tab of the New Scan Policy window.

Resource Finder

This attempts to find unlinked or hidden directories and other resources, such as old backup files, using a brute-force wordlist method. Because each candidate name costs a request, this step can add noticeably to scan duration.

You can use the Limit input field to cap the number of resources Netsparker tries to find.

Summary

This displays the selected configurations.

How to Create an Optimized Scan Policy in Netsparker Enterprise

  1. From the main menu, either:
    • Click Policies, then Scan Policies. For the relevant policy, click Optimize.
    • Click Policies, then New Optimized Scan Policy.
  2. The Scan Policy Optimization Wizard is displayed at the General Information step.
  3. Click Next. The Operating System step is displayed.
  4. From the list of options, select the operating system(s).
  5. Click Next. The Web Server step is displayed.
  6. From the list of options, select the web server software.
  7. Click Next. The Application Server step is displayed.
  8. From the list of options, select the application server.
  9. Click Next. The Database Server step is displayed.
  10. From the list of options, select the database server.
  11. Click Next. The Web Application Behavior step is displayed.
  12. From the list of options, select a description.
  13. Click Next. The Resource Finder step is displayed.
  14. In this step, enable and limit (or disable) the Resource Finder.
  15. Click Next. The Summary step is displayed.
  16. In this final step, review your configurations. If you need to amend anything, use the Back button to navigate back to that option.
  17. Click Next to return to the Summary.
  18. In the Scan Policy Name field, enter a name for the scan policy.
  19. Click Finish. This scan policy can then be used during an upcoming scan.

How to Create an Optimized Scan Policy in Netsparker Standard

  1. On the Home tab, click New. The Start a New Scan dialog is displayed.
  2. In the Scan Policy section, click the magic wand button next to the Default Security Checks dropdown. (You can also launch the Scan Policy Optimizer from the Scan Policy Editor. Click New Optimized.) The Scan Policy Optimizer wizard is displayed.
  3. Complete the steps as described in How to Create an Optimized Scan Policy in Netsparker Enterprise.