Most vulnerability scan tools work like this: you scan your application with the tool, the scanner cross-references its findings against its own vulnerability database, and it generates a report listing every result that correlated with a known vulnerability from that database.
But this has a couple of rather significant problems for the security engineers or developers running the scan:
This doesn't mean these vulnerability scans don't have value — we still depend on them to provide a broad view of our software's security posture.
However, there is one vulnerability scanner that does things very differently, and it's a total game-changer.
Nuclei is an open source vulnerability scanner by Project Discovery, and it has a secret weapon that sets it apart from most other scan tools: templates.
Nuclei templates are YAML-based files that you can use to define what kind of vulnerabilities Nuclei needs to search for.
Think of them as instructions for Nuclei to scan for and find a specific type of vulnerability in your application.
The usual method of vulnerability scanning is akin to casting a net through the app and trying to catch a broad range of vulnerabilities in the process. Such an approach is bound to bring back more than just valid results, i.e., false positives.
Nuclei, on the other hand, has the laser focus of a sniper, only searching for its assigned target, i.e., the vulnerability specified in your template.
The best part of Nuclei templates is that not only has Project Discovery created a whole library of templates for you to use (you can find them here), but Nuclei also supports custom templates that you can write yourself!
That means you can customise your templates to match your tech stack, or write them to find highly specific security flaws in your own software.
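Here is what such a custom template looks like in practice. This is an added example written for this post, not one of Project Discovery's published templates: it flags any HTTPS response from your own application that does not set a Strict-Transport-Security header, which is exactly the kind of tech-stack-specific check the built-in library cannot know you care about. The template id, author and tags are placeholders you would replace with your own.

```yaml
# Custom Nuclei template (example for this post, not from the public library).
# Reports a finding when the target answers 200 OK but omits the HSTS header.
id: missing-hsts-header          # placeholder id; pick your own naming scheme

info:
  name: Missing Strict-Transport-Security header
  author: example-author         # placeholder
  severity: low
  description: >
    Flags HTTPS responses that do not send Strict-Transport-Security,
    leaving browsers free to fall back to plain HTTP on later visits.
  tags: misconfig,headers,custom

http:
  - method: GET
    path:
      - "{{BaseURL}}"            # BaseURL is filled in from the -u/-target flag

    # Both matchers must hit for Nuclei to report a result.
    matchers-condition: and
    matchers:
      # Only judge pages that actually rendered; ignore redirects and errors.
      - type: status
        status:
          - 200

      # 'negative: true' inverts the match: succeed when the header is ABSENT.
      - type: word
        part: header
        case-insensitive: true
        words:
          - "Strict-Transport-Security"
        negative: true
```

Save it as, say, `missing-hsts-header.yaml` and run it against a single host with `nuclei -u https://your-app.example -t missing-hsts-header.yaml`. Because the template only looks for one precisely described condition, every result it reports is worth acting on; there is no vulnerability-database lookup in between to introduce noise.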
Check out this massive directory of all publicly available Nuclei templates.
Isn't it kind of crazy this is all free?
How do you make Nuclei scans more powerful? Do them much more often!
Automating your Nuclei scans is the next step in taking your dynamic testing (DAST) to the next level. You can even run automated Nuclei scans as part of your CI/CD pipeline, so every deployment to staging gets checked without anyone having to remember to kick off a scan.
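One way to wire that up, as an added example for this post rather than the course material or an official Project Discovery workflow, is a GitHub Actions job that installs Nuclei, scans a staging URL nightly with your own template directory, and fails the build if anything of medium severity or above is found. The `STAGING_URL` secret and the `./nuclei-templates/` path are assumptions for the example; the `nuclei` flags used (`-u`, `-t`, `-severity`, `-o`) are the scanner's standard command-line options.

```yaml
# .github/workflows/nuclei-dast.yml (example for this post, not from the course)
name: nuclei-dast

on:
  schedule:
    - cron: "0 3 * * *"        # nightly, after the staging deploy has settled
  workflow_dispatch:           # also allow running it by hand

jobs:
  nuclei:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: "1.22"

      # Official install path for the scanner; put the Go bin dir on PATH
      # so later steps can call 'nuclei' directly.
      - name: Install nuclei
        run: |
          go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

      # Scan only the staging environment you own, using the custom templates
      # kept in this repository, and write plain-text results to a file.
      - name: Run Nuclei scan
        env:
          TARGET_URL: ${{ secrets.STAGING_URL }}   # assumed repository secret
        run: |
          nuclei -u "$TARGET_URL" \
            -t ./nuclei-templates/ \
            -severity medium,high,critical \
            -o nuclei-results.txt

      # '-o' only has content when something matched, so a non-empty file
      # means findings: surface them in the log and fail the job.
      - name: Fail on findings
        run: |
          if [ -s nuclei-results.txt ]; then
            echo "Nuclei reported findings:"
            cat nuclei-results.txt
            exit 1
          fi
          echo "No findings at medium severity or above."

      # Keep the results file even on failure so the team can review it.
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: nuclei-results
          path: nuclei-results.txt
```

The severity threshold is the knob to tune: start by failing only on high and critical so the pipeline is not red on day one, then tighten it as the lower-severity findings are cleared.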
We've got 10 courses in DevSecOps, including one on Nuclei automation:
Learn more about the course here.
Ready to give it a go? Pick your AppSecEngineer plan now and start learning!
Aneesh Bhargav is the Head of Content Strategy at AppSecEngineer. He has experience in creating long-form written content, copywriting, producing Youtube videos and promotional content. Aneesh has experience working in Application Security industry both as a writer and a marketer, and has hosted booths at globally recognized conferences like Black Hat. He has also assisted the lead trainer at a sold-out DevSecOps training at Black Hat. An avid reader and learner, Aneesh spends much of his time learning not just about the security industry, but the global economy, which directly informs his content strategy at AppSecEngineer. When he's not creating AppSec-related content, he's probably playing video games.