We are excited to announce the release of Netsparker Desktop version 4.5.2 and Netsparker Cloud web application security scanning service update 20160107. There are quite a few new features to talk about, so let’s get started.
Two new features, automatic configuration of URL rewrite rules and the Scan Policy Optimizer, automate more of the pre-scan process for you, making the scanning of hundreds and thousands of websites an easier task. We are also introducing the new proof of exploitation, which will definitely ease the post-scan process for you, as explained further down in this post.
These new updates also include a number of new web security checks and several internal product improvements, such as the fully responsive Netsparker Cloud dashboard. Below is a highlight of the main features.
Netsparker scanners no longer require you to configure URL rewrite rules. The new web security scanners will automatically configure the URL rewrite rules needed to scan all the parameters in URLs. Configured URL rewrite rules also mean more efficient scans.
It is still possible to manually configure URL rewrite rules in Netsparker scanners if you wish. However, if you do not have detailed knowledge of the target website’s setup, or have to scan hundreds or thousands of websites, you do not need to get bogged down in such pre-scan tasks. Read the whitepaper Automating the Configuration of URL Rewrite Rules in Netsparker Web Application Security Scanners for more detailed information on this new unique technology.
Optimized scan policies mean shorter and more efficient scans, though not everyone has the time or knowledge to manually optimize web security scan policies. For this reason, our automation-obsessed engineers came up with the Scan Policy Optimizer: a wizard-based optimizer that enables you to optimize scan policies according to your target website, within just a minute.
Automatic exploitation of identified vulnerabilities is something we pioneered with the first release of Netsparker web application security scanner. With such technology you do not have to manually verify all of the scanner’s findings, which eases the post-scan process.
Since then, we have been continuously improving this unique technology, and with this new release we are announcing a major improvement: proof of exploitation. Upon automatically exploiting a vulnerability, the scanner will also generate a proof of the exploit. For example, in the case of a Command Injection, the scanner will send certain commands and show the server's response to the command injection in the vulnerability report.
In addition to marking the vulnerability as “CONFIRMED”, Netsparker now provides conclusive proof as well.
You can now configure Send To actions in Netsparker web application security scanner to migrate identified security flaws to GitHub and Team Foundation Server with just a single mouse click. All you need to do is configure the credentials and projects. Then simply right-click an identified vulnerability and select the server you would like to automatically add it to as an issue in your projects.
The new updated Netsparker Cloud dashboard is fully responsive. Now you can check the status of your web application security scans from your mobile phone or tablet. There is no difference between accessing Netsparker Cloud from your portable device and from your computer; you can still review scan results, assign vulnerabilities as tasks and launch new web application security scans.
Here are some of the new web security checks included in the latest version of the Netsparker web security scanners:
For a complete list of what is new and what has been improved in the latest versions of Netsparker Desktop and Netsparker Cloud, refer to the changelog.
Web application security is difficult, hence the tools and services your business invests in should be easy to use and help you automate as much as possible. This is exactly what Netsparker web security scanners do: help you identify vulnerabilities in web applications and ensure they are fixed with the least possible effort from your end. Apply now for a free trial of Netsparker Cloud or download a demo of Netsparker Desktop to see the difference.