Identify Vulnerabilities Automatically in Google Web Toolkit Applications with Netsparker 4

Press Release about the new Netsparker Desktop 4 which fully supports applications built with Google Web Toolkit, has an all new fully automated form authentication mechanism and is fully loaded with new security and vulnerability checks.

18th March 2015, London – Netsparker Ltd today announced the release of Netsparker Desktop version 4, the leading false positive free web application security scanner that simulates malicious hacker attacks and enables users to automatically identify vulnerabilities and security flaws in their websites and web applications.

The new version of the desktop edition of Netsparker web application security scanner is very easy to use even when compared to its predecessors. It can automatically scan and identify vulnerabilities in web applications built with Google Web Toolkit and in file upload forms. It also has an all new fully automated form authentication mechanism, as explained below.

Easily Scan Password Protected Websites

The new authentication mechanism of Netsparker Desktop emulates a real user login. An out of the box installation supports two-factor authentication and other one time tokens that are typically used in modern websites.

Configuring form-based authentication in Netsparker Desktop is easier than ever before. There is no need to record any macros: just enter the login form URL and the credentials, and the rest is done automatically by the scanner.

Automatically Scan Google Web Toolkit Web Applications

Nowadays more and more web applications are being built using Google Web Toolkit, and they are built mainly using JavaScript. In Netsparker 4 we built a new dedicated engine that allows Netsparker users to thoroughly crawl and scan Google Web Toolkit web applications and automatically identify vulnerabilities and security flaws in them.

Scanning Websites & Web Applications Just Got Easier

Netsparker Desktop is the web application security scanner of choice for many because it is very easy to use. And with the new Start a New Scan dialog, launching an automated web application security scan just got easier.

The Start a New Scan dialog in Netsparker has been improved so now it is easier than ever before to launch a new web application security scan.

The new Start a New Scan dialog only contains the generic scan settings that are typically required to launch a web application security scan, such as scope settings, URL rewrite rules, imported links and authentication settings. Other advanced scan settings, such as HTTP connection details, can be configured from the Scan Policy Editor.

Identify Vulnerabilities in File Upload Forms

Many modern web applications such as e-banking and customer portals, and even popular social networking services such as Facebook and Twitter, allow users to upload files. Such file upload forms can lead to many security issues that might allow malicious attackers to gain complete access to your servers.

Using the new version of Netsparker Web Application Security Scanner you can now automatically scan file upload forms and check if they are vulnerable to malicious attacks. For example, Netsparker will alert you if the file upload form has good validation in place or if any of the security validation checks can be bypassed.

Other New Netsparker Desktop Features, Security Checks and Improvements

Apart from the above, the new version of Netsparker also includes some other new features and security checks. Below are a few new vulnerability checks that are included in the new version of Netsparker Desktop:

  • Cross Frame Options Security checks
  • XML External Entity vulnerability
  • Cross Origin Resource Sharing checks

In the new version of Netsparker Desktop there are also a good number of product improvements which are fundamental to ensure more efficient and accurate web application security scans. Below is a list of just a few of the improvements in Netsparker version 4:

  • DOM XSS attack patterns have been improved for more accurate detection
  • Increased the coverage of Open Redirect vulnerabilities
  • Improved connection string detection to cover more cases and run faster
  • Added Retest All functionality allowing users to easily retest all identified vulnerabilities

For more details about what is new and improved in the latest version of the web application security scanner Netsparker Desktop, read the Netsparker Desktop 4 Features Highlights.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.