Working with custom security checks in Netsparker Enterprise

How Netsparker runs security checks


Operating as a black-box web application security scanner, Netsparker probes and examines your application from the outside, exactly as an attacker would. During testing, Netsparker visits every link that its crawler detects and makes requests to all input points in detected resources, including the URLs used to reach these resources. Next, it safely performs test attacks on the target application by sending suitable attack payloads to the identified input points. Finally, it analyzes the responses to detect vulnerabilities in the web application.


Built-in and custom security checks


To identify vulnerabilities, Netsparker uses thousands of built-in security checks, incorporating over a decade of continuous security research and development for maximum coverage and accuracy. But every application environment is different, so occasionally you may want to add a custom check to test application-specific assets or payloads. With its custom scripts for security checks feature, Netsparker Enterprise lets you write custom security checks in JavaScript. Once they are added to your account, you can use custom scripts in a custom scan policy to scan specific URLs or entire sites. 


Types of custom security checks in Netsparker


Custom security checks in Netsparker fall into four categories, depending on the scope of testing and type of attack activity: active, passive, singular, and per-directory.


Active security checks


With custom active security checks in Netsparker, you can define your own attack patterns. During the test attack phase, Netsparker will inject these custom attack patterns into parameters discovered by the crawler. Each attack pattern you provide in your custom script will result in one HTTP request for each parameter discovered by the crawler. 
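To make the fan-out concrete, here is an added JavaScript model of an active check; it is not Netsparker's own scripting API, and the marker string, attack patterns, URL and the simulated target are all constructed for the illustration.

```javascript
// Added illustrative model (not Netsparker's scripting API) of how an active
// custom check fans out: every attack pattern is injected into every parameter
// the crawler found, one HTTP request per (parameter, pattern) pair, and each
// response is analyzed for the injected pattern.
const MARKER = "nsCustom7q3x"; // constructed unique marker, not a real payload

// Constructed attack patterns: the bare marker and the marker inside angle
// brackets, so the analyzer can distinguish raw from HTML-encoded reflection.
const ATTACK_PATTERNS = [MARKER, `<${MARKER}>`];

// One request per parameter per pattern; untouched parameters keep their values.
function buildActiveCheckRequests(url, patterns) {
  const base = new URL(url);
  const requests = [];
  for (const name of new Set(base.searchParams.keys())) {
    for (const pattern of patterns) {
      const target = new URL(base);
      target.searchParams.set(name, pattern);
      requests.push({ parameter: name, pattern, url: target.toString() });
    }
  }
  return requests;
}

// Response analysis: bare marker reflected means the parameter reaches the
// page (informational); bracketed marker reflected verbatim means the angle
// brackets survived without encoding.
function analyzeResponse(request, body) {
  if (!body.includes(request.pattern)) return null;
  return request.pattern === MARKER ? "reflected" : "unencoded";
}

// Constructed stand-in for the scanned application: "q" is echoed raw
// (the weakness the check should catch), "lang" is HTML-encoded (safe).
function simulatedTarget(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const encode = (s) => s.replace(/[<>&"']/g, (c) => `&#${c.charCodeAt(0)};`);
  return `<p>${params.get("q") ?? ""}</p><p>${encode(params.get("lang") ?? "")}</p>`;
}

// Drive the check end to end; keep the stronger result per parameter.
function runActiveCheck(url, patterns, fetchBody) {
  const findings = {};
  for (const req of buildActiveCheckRequests(url, patterns)) {
    const result = analyzeResponse(req, fetchBody(req.url));
    if (result === null) continue;
    if (result === "unencoded" || !findings[req.parameter]) findings[req.parameter] = result;
  }
  return findings;
}

console.log(runActiveCheck("https://app.example/search?q=test&lang=en", ATTACK_PATTERNS, simulatedTarget));
```

Two parameters and two patterns produce four requests, and only the parameter that reflects the bracketed marker verbatim is reported as unencoded.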


You can specify the ty ..
