We have just updated Netsparker Enterprise, our online web application security scanner.
In this update we included a wizard to help first-time users add their first website to Netsparker Enterprise and launch a web application security scan. We also added support for late confirmation of web vulnerabilities. In some scenarios, vulnerabilities such as blind and second-order ones cannot be confirmed by the Netsparker Hawk testing infrastructure while the scan is running. If such a vulnerability is identified and confirmed after the scan has finished, you will be alerted about it via email.
In this update of Netsparker Enterprise, we also included a good number of crawler coverage, vulnerability detection, performance and UI improvements. Last but not least, we added new security checks for time-based Server-Side Request Forgery and insecure targets in Content Security Policy, added a Markdown injection attack pattern to the XSS engine, and more.
For a complete list of what is new, improved and fixed in this month’s update of our dead accurate web application security scanner, please refer to the changelog.