About
Netsparker is an automated, yet fully configurable, web application security scanner that enables you to scan websites, web applications, and web services, and identify security flaws. Netsparker can scan all types of web applications, regardless of the platform or the language with which they are built. When integrated with your Vulcan Platform, you'll be able to review web application vulnerabilities on your assets, while leveraging the power of Vulcan Cyber discoverability and automation.
Configure the Netsparker connector
Prerequisites
First, you need to grant the Vulcan Platform access to your Netsparker instance by issuing a user token. You authenticate to the Netsparker API by providing a user ID and authentication token. For instructions, click here.
Log in to your Vulcan Cyber dashboard and go to Connectors
Click on Add a Connector
Click on the Netsparker icon
Enter the following information into the connector setup page.
User ID and API Token
Map Netsparker severity to Vulcan numerical score: By default, the Vulcan Platform maps each Netsparker severity value to a default numerical score. To customize the mapping values, click show more and modify.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Netsparker instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Netsparker icon shows Connected, the connection is complete.
From Netsparker to the Vulcan Platform - Fields Mapping
Connector Fields Mapping
Netsparker field | Vulcan field | Value Example |
Name | Asset Name | |
Website | Asset Type | |
RootURL | Asset Pages > Name | |
- | Asset Details | |
Tags | Asset Tags | Create tags from Create tag for |
Description | Vulnerability title | |
Summary | Vulnerability description | |
- | Vulnerability details | |
- | Fix > Title | Netsparker Recommendations for {vulnerability title} |
Fix Description in Netsparker | Fix > Description | |
Fix references in Netsparker | Fix > Reference | |
Vulnerability Status Mapping
Netsparker status | Vulcan status |
Present | Vulnerable |
Fixed | Fixed |
False Positive | Ignored - false positive |
Accepted risk | Ignored - risk acknowledged |
Vulnerability Score Mapping
Connector Score | Vulcan score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
Best Practice | 0 |
Information | 0 |
Locating Netsparker vulnerabilities in the Vulcan Platform
As Netsparker discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. With a large number of assets and vulnerabilities, discovering specific vulnerabilities via source is made easy with filters.
Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Netsparker on the vulnerability source list and click to filter results by Netsparker.
Click on any vulnerability to view further information.
Locating Netsparker assets in the Vulcan Platform
To quickly locate all synced website application assets from Netsparker, go to the Assets tab in Vulcan Cyber.
Open the Vulcan Cyber Platform and navigate to Assets > Websites tab.
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Netsparker option to view all synced assets.
Automating Netsparker vulnerability remediation actions in the Vulcan Platform
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Netsparker connector.