Netsparker's 2016 in Review
A high level overview of all the new features that we introduced in our web application security scanner during 2016.
2016 was a great year for Netsparker! We were the first (and only) web application security scanner vendor to introduce a number of cutting-edge technologies that make it possible to scale up web scanning and easily scan 100s and 1000s of websites, without having to spend hours configuring complex tools and days verifying that the vulnerabilities the scanner has detected are not false positives.
In 2016 we also introduced monthly updates for our web application security scanner. We were also featured in a number of interviews on some popular podcasts and more, as highlighted in this overview post.
Automating and Scaling Up Web Vulnerability Scanning
The first Netsparker update we released in 2016 focused on automation and scalability. We developed features in the scanner to help users automate much more of both the pre-scan (configuration) and post-scan (verifying the results). The February 2016 update of Netsparker scanner had:
Automatic recognition and configuration of URL rewrite rules: you do not need to know the URL rewrite configuration on the target and configure the scanner to crawl and scan all the parameters on the target website.
In the February 2016 update of Netsparker web application security scanner we also released the:
- fully responsive Netsparker Enterprise web interface,
- the Scan Policy Optimizer,
- integration with bug tracking systems such as GitHub and Team Foundation Server,
- and much more, as you can read in these release notes.
Monthly Web Security Scanner Updates
Since April 2016 we have been releasing a monthly update of both Netsparker web scanner editions. The advantage of monthly releases is that you do not have to
- Updated the scanning engine to automatically find vulnerabilities in Parameter-based navigation web applications,
- Improved the scanning engine to better crawl and scan single page web applications (SPA)
- Ability to export the web security scan results as ModSecurity WAF rules,
- Updated the scanner to automatically scan REST APIs / RESTful web services,
- Introduced the Report Policies in Netsparker Enterprise,
- Added the HTTP Request Builder tool in Netsparker Desktop, so you can create your own HTTP requests,
- Rebuilt the Netsparker Enterprise Web Vulnerability Tracking System,
- Added SMS and Email Notifications in Netsparker Enterprise, so you can be instantly alerted when critical vulnerabilities are identified on your web applications.
Apart from all the new features and scanner improvements, every month we are introducing new web vulnerability checks and improving the existing ones. We are also frequently adding new security checks such as checks for Subresource Integrity and Content Security Policy, to help you build more secure web applications.
Free Netsparker Enterprise Scans, Interviews and More from Netsparker
In 2016 we have also announced free Netsparker Enterprise web vulnerability scans
Our CEO Ferruh Mavituna was also interviewed several times during 2016, starting with an interview at RSA in San Francisco in which he explains what Netsparker is, followed by four more interviews on the popular security show Paul’s Security Weekly. You can watch all the interviews from the links below:
- Security Weekly episode 457
- Security Weekly episode 463
- Security Weekly episode 483
- Security Weekly episode 492
We also hosted a webcast with our friends from Denim Group on how to optimize your application security program with Netsparker and ThreadFix.
What’s in Store for Netsparker Web Security Scanner in 2017?
In 2016 we pushed the boundaries of what we can automate in web application security. For 2017 the mantra will be the same: continue improving the cloud-based and desktop editions of our web application security scanner in terms of features, ease of use, automation and scanning capabilities.