Websites and applications have become increasingly interactive to allow for active user input. For example, they accept users’ inputs and comments, and allow them to become members. While this increases reciprocity between website and user, malicious hackers can misuse this interaction to attack websites and applications.
This is why injection attacks, such as SQL Injection, have begun to appear in the OWASP Top Ten. Attackers can use input points to load their malicious code, which is then executed within trusted content. It is important to know these input points and sanitize them as much as possible.
Netsparker scans your web application and provides a list of form inputs found in the target application. This list can be used by developers and QA staff to carry out further manual testing. Security professionals find such information beneficial, since it provides them with a better overview of the possible attack surfaces in a web application.
Once the scan is completed, all web pages with inputs are listed under the Web Pages With Inputs node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Netsparker forms Knowledge Base nodes on its findings. If a Web Page With Inputs node is not listed, it means that Netsparker did not find any.
For further information, see Knowledge Base Nodes.
How to View the Web Pages With Inputs Node in Netsparker Enterprise
- Log in to Netsparker Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the Web Pages With Inputs node. The information is displayed in a Web Pages With Inputs tab.
How to View the Web Pages With Inputs Node in Netsparker Standard
- Open Netsparker Standard
- Start a Scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the Web Pages With Inputs node in the Knowledge Base. All detected Web Pages With Inputs are displayed in the Knowledge Base Viewer.