This post documents the recent webinar series that E-SPIN provided to customers and partners. The typically asked questions have been turned into a Netsparker reporting overview video walkthrough that captures the essentials of the webinars and makes them replayable for the rest of the audience who found them helpful.
Invicti acquired both Acunetix and Netsparker three years ago but let them run standalone until the end of 2020, when it decided to merge the two product companies into a single company and consolidate resources. Netsparker remains the product name; going forward, the company name will be Invicti (formerly Netsparker).
Capturing video from the event and making it replayable helps those who missed the event while it took place. Although you cannot have the first-hand audience experience of those who attended, you can still get the essential content from those sections. The video was cut and edited to keep it short and direct to the point, making it more user friendly for those who play the clip.
The session covered the Netsparker reporting overview. We log in to the Netsparker dashboard, which is already filled with scan results so you can get an overall feel for the graphical user interface (GUI) in action, and walk through the reporting features in logical sequence.
First, from the Netsparker dashboard, we click Scan > Recent Scans to see the list of scan results in one view. Clicking a specific website opens the detailed report view.
The top section is the report summary: which website was scanned and how many critical, high and medium vulnerabilities were discovered.
Click on an issue and the detailed result is pulled out on the right-hand side.
A proof of exploit is a 100% confirmed vulnerability, so you save the time of manually re-testing it. This frees your experienced pentesters to focus on other manual or complex exploitation tasks.
If an automated web vulnerability scanner can detect and show a 100% confirmed vulnerability with an automated exploit, a real attacker would be able to do so as well.
We then move into exporting the report for various use cases: detailed, executive summary, regulatory compliance, and even WAF rules for use by a web application firewall.
After covering report export, we look at website severity trends. You get the severity trend either for a specific website or for a group, depending on what you want to see.
Click on Trend Matrix Report. You see the pattern and history of how each vulnerability is associated with the website.
For the other reporting features, you can choose your own preferences and style for charting and what to include in the report by using the parameter filter, and whether the report covers a group of websites or specific websites. You are in control of how high-level the view is and how far to zoom into individual websites as needed.
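To make the three reporting views above concrete (the report summary with its confirmed versus unconfirmed split, the severity trend per website or per group, and the trend matrix showing whether each vulnerability is new, still open or fixed from scan to scan), here is an added example that computes them from a small set of constructed scan records. This is illustration code written for this post, not Netsparker's own code; the `Scan` and `Finding` record layout is an assumption and does not reflect Netsparker's export schema.

```python
"""Added example: scanner-report aggregation (summary, trend, trend matrix).
The record layout below is an assumption for illustration, not Netsparker's
export format. All scan data is constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass

SEVERITIES = ("critical", "high", "medium", "low")


@dataclass(frozen=True)
class Finding:
    name: str        # vulnerability type, e.g. "SQL Injection"
    location: str    # path/parameter the finding was reported on
    severity: str    # one of SEVERITIES
    confirmed: bool  # True when the scanner produced a proof of exploit


@dataclass(frozen=True)
class Scan:
    website: str
    group: str       # website group used for group-level reporting
    date: str        # ISO date; used to order scans chronologically
    findings: tuple


# Constructed sample scans (hypothetical hosts, not real results).
SCANS = (
    Scan("shop.example", "retail", "2021-01-10", (
        Finding("SQL Injection", "/search?q", "critical", True),
        Finding("Reflected XSS", "/item?id", "high", True),
        Finding("Missing HSTS", "/", "medium", False),
    )),
    Scan("shop.example", "retail", "2021-02-10", (
        Finding("Reflected XSS", "/item?id", "high", True),
        Finding("Missing HSTS", "/", "medium", False),
        Finding("Open Redirect", "/go?url", "medium", False),
    )),
    Scan("blog.example", "retail", "2021-02-12", (
        Finding("Missing HSTS", "/", "medium", False),
    )),
)


def severity_summary(scan):
    """Report-summary counts per severity, split by proof-of-exploit status.
    Confirmed findings need no manual re-test; unconfirmed ones still do."""
    counts = {sev: {"confirmed": 0, "unconfirmed": 0} for sev in SEVERITIES}
    for f in scan.findings:
        counts[f.severity]["confirmed" if f.confirmed else "unconfirmed"] += 1
    return counts


def severity_trend(scans, website=None, group=None):
    """Chronological list of (date, website, {severity: count}) for either a
    single website or a whole group, mirroring the two trend views."""
    selected = [s for s in scans
                if (website is None or s.website == website)
                and (group is None or s.group == group)]
    selected.sort(key=lambda s: s.date)
    trend = []
    for s in selected:
        c = Counter(f.severity for f in s.findings)
        trend.append((s.date, s.website, {sev: c.get(sev, 0) for sev in SEVERITIES}))
    return trend


def trend_matrix(scans, website):
    """For each vulnerability (name + location) seen on a website, its status
    at every scan date: 'new', 'open' (still present), 'fixed', or '-'
    (not yet seen). A finding that disappears and returns shows as 'new' again."""
    selected = sorted((s for s in scans if s.website == website), key=lambda s: s.date)
    dates = [s.date for s in selected]
    present = defaultdict(set)
    for s in selected:
        for f in s.findings:
            present[(f.name, f.location)].add(s.date)
    matrix = {}
    for key, seen in present.items():
        row, was_open = [], False
        for d in dates:
            if d in seen:
                row.append("open" if was_open else "new")
                was_open = True
            else:
                row.append("fixed" if was_open else "-")
                was_open = False
        matrix[key] = row
    return dates, matrix


if __name__ == "__main__":
    print("summary:", severity_summary(SCANS[0]))
    for date, site, counts in severity_trend(SCANS, group="retail"):
        print(date, site, counts)
    dates, matrix = trend_matrix(SCANS, "shop.example")
    print("dates:", dates)
    for (name, loc), row in matrix.items():
        print(f"{name} @ {loc}: {row}")
```

The group view deliberately keeps one row per scan rather than merging websites scanned on different dates, so a reviewer can still tell which site contributed a spike; the matrix keys on name plus location so that two findings of the same type on different parameters are tracked separately.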
Issues Management. From Address Issues, you can filter by parameter to make a quick decision about how you want the results sorted and filtered.
As a summary for the session, you can see how Netsparker's reporting features and modules provide a set of very handy capabilities that address the various use cases and roles for which you are expected to use reporting.
E-SPIN has been active in application security testing (AST) since 2005. For the AST domain alone, E-SPIN has the capability to provide an end-to-end, unified application security testing platform solution, from integration to point solutions for the various use cases, such as dynamic application security testing (DAST), static application security testing (SAST), mobile application security testing (Mobile AST), software composition analysis (SCA), manual application security testing (MAST), and penetration testing through to exploitation management. Besides this, E-SPIN has the capability to provide supply, consulting, integration, project management, training and maintenance support for infrastructure, network, wireless, datacenter, virtualization, container, cloud and host/system/server and services security testing. Feel free to contact E-SPIN for your project and operation requirements.