Author Archives Netsparker Security Team

Netsparker enables you to send email and SMS notifications. With the April 2020 Update for Netsparker Enterprise, we added the facility to configure notifications in the Update Notification window to email reports as attachments on the Scan Completed event, including to external recipients. Read More

This blog post announces the May 2020 update for Netsparker Standard 5.8. The highlights of this release are Pivotal tracker integration, a Mime type step for test website configuration, improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check. Read More

This blog post announces the April 2020 update for Netsparker Enterprise. The new features of this release are U2F Authentication, issue synchronization for Azure DevOps and ServiceNow integrations, form validation errors in the knowledge base and reports, CVSS 3.1 support, and email reports after a scan. Read More

Cross-site request forgery attacks (CSRF or XSRF for short) are used to send malicious requests from an authenticated user to a web application. Learn how CSRF attacks work and what we can do to prevent them. Read More

This blog post announces the March 2020 update for Netsparker Standard 5.7. The highlights of this release are form validation errors in the knowledge base, CVSS 3.1 support, and query-based navigation in the Scan Policy Editor. Other new features are three new security checks, hash crawling support and an improved BREACH Attack template. Read More

This blog post announces the February 2020 update for Netsparker Enterprise. The new features of this release are a new Sitemap tab in reports; new integrations for Freshservice, Splunk and YouTrack; API Technologies endpoints; a Pre-Request Script feature; a redesigned Scan Summary page; rearranged Security Check groups; and a What’s New panel. Read More

Netsparker will no longer support TLS 1.1 from 26 December 2019. This will affect all HTTPS traffic to Netsparker, including: software updates, the licensing process for Netsparker and vulnerability database updates. Netsparker requests that all users encountering issues should update their settings or contact Netsparker Support. Read More

This blog post announces the January 2020 update for Netsparker Standard 5.6. The new features of this release are WAF identification detection, license activation, new integrations, a new scan policy and report, a new login confirmation, and an auto export feature. Read More

This blog post announces the December 2019 update for Netsparker Enterprise. Highlights include a new Technologies feature, new issue tracking software integrations, new security checks, and new API Endpoint features. Read More

This blog post announces the November 2019 update for Netsparker Standard 5.5. The release highlights are a new Scan Search feature, new Security Checks, and new Web Application Firewall integrations. Other features include improvements to the Progress Panel and Form Authentication OTP support. Read More

This blog post announces the September 2019 update for Netsparker Standard 5.4. The release highlights are Custom Security Checks via Scripting and HMAC Authentication Support via Scripting. Other features include Web Cache Deception Security Checks, Manual Authentication and new Send To Actions integration. Read More

This blog post announces the September 2019 update for Netsparker Enterprise. Highlights are support for internal agents and bulk operations, and new issues tracking integrations and API endpoints. Other new features are support for data exporting, a technical contact change option, scan conversion options, and new malware technology. Read More

Netsparker Enterprise Account Executive Joe Gillespie is interviewed at Black Hat USA 2019 by Enterprise Security Weekly hosts. They discuss the challenges of security scanning, vulnerability management, automation, issue tracking, website discovery, and the latest news from Netparker. Read More

The Low Orbit Ion Cannon (LOIC) is a network stress testing application for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that has been used by hacktivists. This article describes how the LOIC works, its limitations, and why it is popular. Finally, it offers advice on how to defend against LOIC attacks. Read More

Anti-CSRF tokens protect against cross-site request forgery attacks. This article explains the basics of anti-CSRF tokens, including how to generate and verify them. It then describes anti-CSRF protection for specific forms and each request. Finally, it examines issues on CSRF protection, such Ajax, login and non-persisted tokens. Read More

Man-in-the-Middle (MiTM) attacks are a way for hackers to steal information. This article explains how MiTM and sniffing attacks differ. It lists three areas where MiTM attacks occur – public networks, personal computers and home routers. It describes the stages and techniques of how MiTM attacks work. Finally, it provides tips on avoiding attacks. Read More

This blog post announces the publication of a whitepaper by Netsparker on Enterprise Web Security Best Practices: How To Build a Successful Security Process. This whitepaper provides instructions on how to build and scale a successful security process. Included is a best practices workflow compiled from industry leaders from years of experience. Read More

This month, Netsparker celebrates its 10th birthday. In those 10 years, we’ve grown into a market leader and have helped hundreds of organisations along the way. Our Netsparker editions have developed significantly in this decade to respond to different security threats and the need to scale up for enterprises. Thanks for joining us on the journey! Read More

This article examines how Facebook has stored hundreds of millions of users’ passwords in plain text since 2012. On Hack Naked News #212, Netsparker security researcher Sven Morgenroth talks about the origin of this news story, the statistics involved, the security problems it has created for Facebook and its users, and what they can do about it. Read More

This article explains the three different types of cross-site scripting (XSS) vulnerability. It also uses examples to highlight how attackers can exploit such vulnerability and what you, as a developer can do to prevent XSS Vulnerabilities in your web applications. Read More