Despite the obvious benefits of fully automated web application security scans, you may periodically need a little more control over the scanning process. Netsparker rises to the challenge by offering a range of manual overrides, enabling you to fine-tune your security scan strategy to suit almost any scenario.
Although Netsparker Web Application Security Scanner can automatically crawl a web application and identify all URLs and attack vectors, there may be occasions when you wish to define the target URL list manually by visiting pages in a web browser.
Netsparker accommodates this need through its proxy mode, which exposes a proxy server that may be used by your browser to access the target web application. Requests issued through the proxy are detected by Netsparker and added to its site map for the active scanning session.
After you use proxy mode (or crawl and wait scanning mode) to populate a site map for a target web application, Netsparker's Controlled Scan feature offers fine-grained configuration of the vulnerability tests that will be executed and the parameters that will be attacked for each individual page.
Another method of defining the attack target list is to create or import a list of URLs manually. Netsparker offers complete flexibility in this respect, allowing URLs or HTTP requests to be entered within the UI or imported from an external file.