Announcing the Deobfuscating JavaScript White Paper

Category: Web Security Readings - Last Updated: Thu, 04 Apr 2019 - by Netsparker Security Team

This blog post announces the publication of a White Paper called Deobfuscating JavaScript Code: A Steam Phishing Website, which examines a real-world example of obfuscation in a phishing page that aimed to steal Steam Account credentials. It charts the different phases and techniques used in the deobfuscation process as the code is cleaned.

March 2019 Update for Netsparker Standard

Category: Releases - Last Updated: Thu, 28 Mar 2019 - by Netsparker Security Team

This blog post announces new features in the Netsparker Standard release of March 2019. Highlights are Scan Policies for PCI and OWASP Top Ten. Other new features include: scan performance upgrades; Netsparker Assistant; added Integration options for Azure DevOps, Redmine and Bugzilla; a Best Practice Severity Level; and new RESTful API features.

Netsparker Terminates Support for TLS 1.0

Category: Product Docs & FAQS - Last Updated: Thu, 10 Jan 2019 - by Netsparker Security Team

Netsparker will no longer support TLS 1.0 from 14 January 2019. This will affect all HTTPS traffic to Netsparker, including software updates, the licensing process for Netsparker and vulnerability database updates. Netsparker requests that all users who encounter issues update their settings or contact Netsparker Support.

December 2018 Update for Netsparker Standard

Category: Releases - Last Updated: Thu, 10 Jan 2019 - by Netsparker Security Team

This blog post announces the new features and improvements in the latest Netsparker Standard release of December 2018. Highlights include: a rewritten sitemap and issues panel, a new family vulnerabilities feature, added support for 64-bit smart card drivers and Swagger 3.0 Importer, and several send to integration additions.

Bypass of Disabled System Functions

Category: Web Security Readings - Last Updated: Tue, 04 Dec 2018 - by Netsparker Security Team

In this article, our Security Researchers examine the explicit code of the disabled system functions bypass, including the parameters of the imap_open function, the IMAP server types and SSH connection, and the -oProxyCommand in the exploit. They conclude with some methods to protect yourself against this bypass.

How Private Data Can Be Stolen with a CSS Injection

Category: Web Security Readings - Last Updated: Wed, 25 Apr 2018 - by Netsparker Security Team

Can private data be stolen by employing a CSS Injection? Why are hackers so determined? This article explores Cyber and Information Security expert Mike Gualtieri's experiments with CSS Exfil and the use of CSS Attribute Selectors. It concludes with a few pointers on how to avoid this type of attack and the need for a Content Security Policy.