Excluding Files by Types from a Scan

By default Netsparker will ignore a number of file types (extensions) from the scan. It is possible to modify the list of file types from the option Ignore These Extensions in the Scope section when configuring a Scan Policy.

By default Netsparker ignores a number of file types during a scan.

You can remove extensions from this list so they are not ignored during the scan or add your own file types so they are ignored during a scan. You can also add multiple extensions by separating them with comma.

Excluding Binary Files

By default Netsparker does not crawl and analyze binary files during a scan. They are outside the scope of scanning a web application for vulnerabilities. In fact the Netsparker scanners have a built-in mechanism to check if the HTTP responses are binary responses, and if they are they will be ignored.

Therefore if you have a number of binary files on your website, add their extension to this list so when the Netsparker scanners identify them they do not have to make the binary check, thus shorten the scan duration.