This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Netsparker is pleased to announce a new feature. It changes how vulnerabilities are reported and will reduce the number of reported vulnerabilities, saving you the time and resources needed to address them. It also makes scan reports more relevant and accurate.
What is the Vulnerability Families Feature?
Previously, Netsparker products reported every single vulnerability that a scan found in a URL. For example, if Netsparker detected Error-based, Blind and Boolean-based SQL Injections in the same URL, each vulnerability would be reported separately. This unnecessarily complicated the scan reports for sites with many URLs.
With this latest update, Netsparker will group similar vulnerabilities together for reporting and fixing purposes. These groups are known as families, in which vulnerabilities are prioritised based on their exploitability.
- If an endpoint is vulnerable to similar versions of the same vulnerability, only the most relevant and easiest-to-exploit vulnerabilities will be reported.
- Once one fix has been completed, it will address the three or four vulnerabilities in the 'family'.
What are the Benefits of the Vulnerability Families Feature?
The new vulnerability families feature will make scan reports shorter and simpler. The quality of vulnerability reporting is far more important than the mere quantity of reported vulnerabilities, especially if these are repetitions and false positives. Vulnerability reports are now even more direct and to the point.
In addition, this new feature will save you the time otherwise spent fixing each iteration of each type of vulnerability, enabling you to deliver fixes that have much more impact.
For further information, see Vulnerability Families.