Author Archives Netsparker Security Team

The Netsparker web application security scanner has an Application & Service Discovery service that enables you to account for all your online collateral. The Netsparker Enterprise On-Premises June 2020 Update introduced a new API support for this service to give you more options for its settings. Read More

The Netsparker web application security scanner integrates with many popular applications. The Netsparker Enterprise On-Premises June 2020 Update introduced a new integration with Mattermost. It is also available for the Netsparker Enterprise On-Demand edition. Read More

This blog post announces the June 2020 update for Netsparker Enterprise On-Premises. The new features of this release are integration for Mattermost, API support for the Discovery Service, and a SameSite Cookies security check. Read More

Anti-CSRF tokens protect against cross-site request forgery attacks. This article explains the basics of anti-CSRF tokens, including how to generate and verify them. It then describes anti-CSRF protection for specific forms and each request. Finally, it examines issues on CSRF protection, such Ajax, login and non-persisted tokens. Read More

With the April 2020 Update for Netsparker Enterprise, we added support for Universal 2nd Factor Authentication, so you can now use any compliant U2F device. This provides you with a defense against phishing attacks, strong security, and heightened privacy. Read More

Netsparker enables you to send email and SMS notifications. With the April 2020 Update for Netsparker Enterprise, we added the facility to configure notifications in the Update Notification window to email reports as attachments on the Scan Completed event, including to external recipients. Read More

This blog post announces the May 2020 update for Netsparker Standard 5.8. The highlights of this release are Pivotal tracker integration, a Mime type step for test website configuration, improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check. Read More

This blog post announces the April 2020 update for Netsparker Enterprise. The new features of this release are U2F Authentication, issue synchronization for Azure DevOps and ServiceNow integrations, form validation errors in the knowledge base and reports, CVSS 3.1 support, and email reports after a scan. Read More

Cross-site request forgery attacks (CSRF or XSRF for short) are used to send malicious requests from an authenticated user to a web application. Learn how CSRF attacks work and what we can do to prevent them. Read More

This blog post announces the March 2020 update for Netsparker Standard 5.7. The highlights of this release are form validation errors in the knowledge base, CVSS 3.1 support, and query-based navigation in the Scan Policy Editor. Other new features are three new security checks, hash crawling support and an improved BREACH Attack template. Read More

This blog post announces the February 2020 update for Netsparker Enterprise. The new features of this release are a new Sitemap tab in reports; new integrations for Freshservice, Splunk and YouTrack; API Technologies endpoints; a Pre-Request Script feature; a redesigned Scan Summary page; rearranged Security Check groups; and a What’s New panel. Read More

Netsparker will no longer support TLS 1.1 from 26 December 2019. This will affect all HTTPS traffic to Netsparker, including: software updates, the licensing process for Netsparker and vulnerability database updates. Netsparker requests that all users encountering issues should update their settings or contact Netsparker Support. Read More

This blog post announces the January 2020 update for Netsparker Standard 5.6. The new features of this release are WAF identification detection, license activation, new integrations, a new scan policy and report, a new login confirmation, and an auto export feature. Read More

This blog post announces the December 2019 update for Netsparker Enterprise. Highlights include a new Technologies feature, new issue tracking software integrations, new security checks, and new API Endpoint features. Read More

This blog post announces the November 2019 update for Netsparker Standard 5.5. The release highlights are a new Scan Search feature, new Security Checks, and new Web Application Firewall integrations. Other features include improvements to the Progress Panel and Form Authentication OTP support. Read More

This blog post announces the September 2019 update for Netsparker Standard 5.4. The release highlights are Custom Security Checks via Scripting and HMAC Authentication Support via Scripting. Other features include Web Cache Deception Security Checks, Manual Authentication and new Send To Actions integration. Read More

This blog post announces the September 2019 update for Netsparker Enterprise. Highlights are support for internal agents and bulk operations, and new issues tracking integrations and API endpoints. Other new features are support for data exporting, a technical contact change option, scan conversion options, and new malware technology. Read More

Netsparker Enterprise Account Executive Joe Gillespie is interviewed at Black Hat USA 2019 by Enterprise Security Weekly hosts. They discuss the challenges of security scanning, vulnerability management, automation, issue tracking, website discovery, and the latest news from Netparker. Read More

The Low Orbit Ion Cannon (LOIC) is a network stress testing application for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that has been used by hacktivists. This article describes how the LOIC works, its limitations, and why it is popular. Finally, it offers advice on how to defend against LOIC attacks. Read More

Man-in-the-Middle (MiTM) attacks are a way for hackers to steal information. This article explains how MiTM and sniffing attacks differ. It lists three areas where MiTM attacks occur – public networks, personal computers and home routers. It describes the stages and techniques of how MiTM attacks work. Finally, it provides tips on avoiding attacks. Read More