This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Modern web applications are very complex. So even though we at Netsparker have pioneered a number of
- Scope of engagement
- Information gathering
- Vulnerability identification
- Exploitation
- Post exploitation
- Reporting
To help you make the best of the Netsparker web application security scanner, we have developed a course which explains all the different stages of a website penetration test and how you can use Netsparker to automate most of the process. The course is made up of a collection of slides and videos which you watch
Stage 1: Scope of Engagement
Stage 2: Information Gathering
Now that you have defined a scope of engagement, it is time for some
To accompany the slides we also have three videos. The first video highlights what has been described in the slides:
- How to configure Netsparker to start the information gathering process.
- How to analyse the information Netsparker reports and use it to fine-tune the scanning policies in order to improve the quality of the web vulnerability scans.
The following two videos also explain how to configure authentication and URL rewrite rules in Netsparker, which are a must-do if the target application requires them.
Video: Configuring Authentication in Netsparker Web Application Security Scanner
Apart from the above
- How to Scan Websites with Form Authentication, Single Sign-On & CAPTCHA with Netsparker Desktop
- How to Configure & Verify Form Authentication in Netsparker Enterprise
Video: Configuring URL Rewrite Rules in Netsparker Web Application Security Scanner
For more detailed information on URL Rewrite Rules and Netsparker’s heuristic URL Rewrite technology refer to the following documents:
- Whitepaper: Automating the Configuration of URL Rewrite Rules in Netsparker Web Application Security Scanners
- Automatic Configuration of URL Rewrite Rules in Netsparker Web Application Security Scanners
- How to Configure URL Rewrite Rules in Netsparker
Stages 3, 4 and 5: Vulnerability Identification, Exploitation & Post Exploitation
In the first set of slides for these stages of the web application penetration
The second set of slides looks into the exploitation and post exploitation stages. They explain how you can use the post-exploitation tools in Netsparker to exploit the identified vulnerabilities and highlight their impact. The slides highlight the importance of the Proof-Based
Video: Identifying & Analysing Web Application Vulnerabilities
Stage 6: Reporting
Even though the last stage is the easiest one, it is the most important one. This is the ultimate deliverable from your security engagement, in which you show your customer, developers or management what they are interested in:
- The status of security of the audited web application,
- The vulnerabilities that you found,
- What to fix and how to prioritize the fixes.
The slides for the reporting stage explain how to achieve all of the above. They also explain how you can generate compliance, managerial and technical reports for developers with Netsparker. Last but not least, they explain how you can use the Report Policy Editor in Netsparker to tailor the web security scan reports to match your organization’s security policies.
Video: Using the Report Policy Editor & Generating Reports
More Netsparker Documentation
For more technical and user documentation on the Netsparker web application security scanner, you can refer to the Netsparker Support page, where you can find a number of product guides and frequently asked questions about both Netsparker Desktop and Netsparker Enterprise, our enterprise-level online web application security scanner.