As it was promised earlier, the status of Warning as well as the status of Error is abolished in a new version of a scanner. Scan report in the new version has changed a lot. Now the report specifies three types of vulnerabilities: XSS, SQL injection and Active script (other vulnerabilities). Scan report in previous versions of the scanner put some in a deadlock, especially vulnerability to the status of Warning. In the new version of scanner everything is done to simplify the understanding of the logic on which the scanner has found a particular vulnerability. The report shows the key lines of code side by side with the vulnerability line. Therefore, we can trace all the chain the scanner used in the analysis. Unsafe option is released in red in the report. For non-experienced website owners, when you hover the mouse on a line with a vulnerability, the prompt with the way to remove appears.
It is very important to download the entire code of the site as a whole, and not its individual modules. The scanner creates a report analyzing all scan functions. So if you check, for example, plugin for Joomla or other CMS just copy the plugin in a folder of distribution Joomla, collect within a ZIP and upload to the scanner. When checking the individual plugins or files, the scanner does not see the full picture and gives an incorrect report. Some people begin to distrust the scanner, because they think that to download the code is to trust the project. Of course it’s a point for your consideration but the scanner deletes files right away after scanning. Besides, you do not need to load your site content: pictures, videos, music and so on. Save time