Netsparker Enterprise Connector Guide

How to set up the Netsparker Enterprise connector.

Netsparker Enterprise Connector Overview

Netsparker is an automated online web application security scanner that enables users to identify security flaws and confirms them by exploiting the identified vulnerabilities. Netsparker then assigns a severity level to each vulnerability to convey the urgency and potential damage of the specific security weakness. RiskSense offers an API-based connector that integrates the Netsparker module into the RiskSense platform for simplicity and flexibility. The Netsparker connector ingests application data from Netsparker and displays the vulnerabilities in the RiskSense platform for further prioritization.

Connector Configuration

Setting Up the Netsparker Connector

Navigate to the Automation > Integrations page.

Integrations Menu Location

Using the search bar in the upper-right corner of the Integrations page, type Netsparker Enterprise to find the connector.

Netsparker Ent Guide - Search for Netsparker Enterprise

Locate the Netsparker Enterprise card on the page and click Configuration.

Netsparker Ent Guide - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

Netsparker Ent Guide - Connection Section

  • Name: The connector’s name.
  • URL: Netsparker URL.
  • API User ID: The user ID that has access to Netsparker.
  • API Token: The user ID’s API token.
  • Network: The RiskSense network with which the ingested applications are associated.

Click Test Credentials to verify the credentials are correct and have access to make API calls to the Netsparker Enterprise instance.

Netsparker Ent Guide - Test Credentials Button Location

Configure the desired schedule for the connector to retrieve results from the Netsparker Enterprise instance and optionally turn on Enable auto URBA (Update Remediation by Assessment).

Netsparker Ent Guide - Schedule and Auto URBA Location

Click Save to create the connector.

Netsparker Ent Guide - Save Connector Button

Once saved, the connector is visible on the Integrations page under Currently Configured Integrations.

Netsparker Ent Guide - Configured Netsparker Enterprise Connector

On the Settings > Uploads page, Netsparker data is parsed from the scan file and displayed on the Applications and Application Findings pages.

Note: The Netsparker Enterprise API connector pulls issues based on the policy, and False Positive, Fixed, and Risk Accepted issues are filtered out. A deduplication process also completes before Netsparker data is presented in the RiskSense platform: repeated vulnerabilities with the same URL and plugin ID are presented as a single finding with multiple requests and responses.

Netsparker Data Mapping in RiskSense

Applications Page

Application data extracted from the Netsparker Enterprise scan file is shown on the Applications page as an asset with the following fields:

  • Address (Domain)
  • URLs
  • Vulnerability Counts by Severity (Total, Critical, High, Medium, Low, Info)
  • Last Scan Date

Other sections, such as Finding Categories, are populated based on information collected from the scan file.

Netsparker Ent Guide - Applications Page

Application Findings Page

Any finding data extracted from the Netsparker Enterprise scan file is shown on the Application Findings page.

Section                       RiskSense Field     Netsparker Field
Application Finding Details   Title               Title
                              Description         Description
                              Discovered On       First Seen Date
                              Last Found On       Last Seen Date
                              Scanner Severity    Severity
Vulnerabilities               CVSS 3.0            CVSS
                              CWE                 CWE
                              CAPEC               CAPEC
                              WASC                WASC
                              PCI32               PCI32
Detailed Information          URL                 URL
                              Headers             HTTP Request
                              Response            HTTP Response
Scanner Output                Confirmed           Confirmed
                              Certainty           Certainty


Netsparker Ent Guide - Application Finding Detail
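The following Python example is added here to illustrate the filtering and deduplication described in the Note above together with the field mapping in the table; it is not RiskSense's or Netsparker's own code. The state strings, the Plugin ID / HTTP Request / HTTP Response field names and the sample issue records are constructed assumptions, and taking the earliest first-seen and latest last-seen date for a merged finding is my choice, since the guide does not say how those dates combine.

```python
from collections import defaultdict

# Issue states the guide says the connector filters out. The state strings and
# JSON field names used by Netsparker's API are assumptions, not from the guide.
EXCLUDED_STATES = {"False Positive", "Fixed", "Risk Accepted"}

# RiskSense field -> Netsparker field for the directly copied fields of the
# mapping table above (the two date fields are combined separately below).
FIELD_MAP = {
    "Title": "Title", "Description": "Description",
    "Scanner Severity": "Severity", "CVSS 3.0": "CVSS", "CWE": "CWE",
    "CAPEC": "CAPEC", "WASC": "WASC", "PCI32": "PCI32", "URL": "URL",
    "Confirmed": "Confirmed", "Certainty": "Certainty",
}

def ingest(issues):
    """Drop excluded states, then merge issues sharing URL and plugin ID into
    one finding that keeps every request/response pair."""
    grouped = defaultdict(list)
    for issue in issues:
        if issue["State"] in EXCLUDED_STATES:
            continue
        grouped[(issue["URL"], issue["Plugin ID"])].append(issue)
    findings = []
    for merged in grouped.values():
        finding = {rs: merged[0].get(ns) for rs, ns in FIELD_MAP.items()}
        # Earliest first-seen / latest last-seen across merged issues: my choice,
        # the guide does not state how the deduped dates are combined.
        finding["Discovered On"] = min(i["First Seen Date"] for i in merged)
        finding["Last Found On"] = max(i["Last Seen Date"] for i in merged)
        finding["Requests"] = [(i["HTTP Request"], i["HTTP Response"]) for i in merged]
        findings.append(finding)
    return findings

def _issue(url, plugin, title, state, first, last):
    """Build one constructed Netsparker-style issue record (sample data)."""
    return {"URL": url, "Plugin ID": plugin, "Title": title, "State": state,
            "Severity": "High", "First Seen Date": first, "Last Seen Date": last,
            "HTTP Request": f"GET {url} ({first})", "HTTP Response": "HTTP/1.1 200 OK"}

# Constructed sample issues, not real scanner output.
SAMPLE_ISSUES = [
    _issue("/login", 1001, "SQL Injection", "Present", "2024-01-05", "2024-02-01"),
    _issue("/login", 1001, "SQL Injection", "Present", "2024-01-20", "2024-02-10"),
    _issue("/login", 1001, "SQL Injection", "Fixed", "2023-11-01", "2023-12-01"),
    _issue("/search", 2002, "Cross-site Scripting", "False Positive", "2024-01-07", "2024-01-07"),
    _issue("/profile", 2002, "Cross-site Scripting", "Present", "2024-01-09", "2024-02-09"),
]
```

Running ingest(SAMPLE_ISSUES) yields two findings: the two Present SQL Injection issues on /login collapse into one finding carrying both request/response pairs, the Fixed and False Positive issues are dropped, and the /profile issue stays separate because its URL differs.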