Netsparker Terminates Support for TLS 1.0

Category: Product Docs & FAQS - Last Updated: Thu, 10 Jan 2019 - by Netsparker Security Team

Netsparker will no longer support TLS 1.0 from 14 January 2019. This will affect all HTTPS traffic to Netsparker, including software updates, the licensing process for Netsparker, and vulnerability database updates. Netsparker requests that all users who encounter issues update their settings or contact Netsparker Support.

December 2018 Update for Netsparker Standard

Category: Releases - Last Updated: Thu, 10 Jan 2019 - by Netsparker Security Team

This blog post announces the new features and improvements in the latest Netsparker Standard release of December 2018. Highlights include: a rewritten sitemap and issues panel, a new family vulnerabilities feature, added support for 64-bit smart card drivers and Swagger 3.0 Importer, and several send to integration additions.

Bypass of Disabled System Functions

Category: Web Security Readings - Last Updated: Tue, 04 Dec 2018 - by Netsparker Security Team

In this article, our Security Researchers examine the explicit code of the disabled system functions bypass, including the parameters of the imap_open function, the IMAP server types and SSH connection, and the -oProxyCommand in the exploit. They conclude with some methods to protect yourself against this bypass method.

How Private Data Can Be Stolen with a CSS Injection

Category: Web Security Readings - Last Updated: Wed, 25 Apr 2018 - by Netsparker Security Team

Can private data be stolen by employing a CSS Injection? Why are hackers so determined? This article explores Cyber and Information Security expert Mike Gualtieri's experiments with CSS Exfil and the use of CSS Attribute Selectors. It concludes with a few pointers on how to avoid this type of attack and the need for a Content Security Policy.