Don’t waste your time scanning more than you need. Netsparker’s scanning mechanism is fully configurable, enabling you to choose exactly which parts of your application to scan and for which type of web vulnerabilities to check.


When a web application vulnerability is suspected in a specific part of a web application it is unnecessarily time-consuming to scan the entire web application.

Netsparker accommodates this scenario with configurable scan scope, enabling the crawling process (and thus the URLs targeted for subsequent attacking) to be constrained within a user-defined subset of a domain.


Netsparker web security scans are highly configurable, enabling you to optimize Netsparker for performance or tailor it for other goals, such as web application vulnerability coverage.

A given combination of scan configuration settings (which includes scanner settings and a list of web application vulnerabilities checks) is known as a Scan Policy. Netsparker is shipped with a number of pre-defined Scan Policies, each designed to fulfill a common web security scanning scenario without the need for explicit configuration.

Standard Scan Policies can be cloned and modified to meet a particular objective; they may be saved as a new Scan Policy and may subsequently be re-used in the same manner as the standard Scan Policies.