The New Netsparker Web Security Scanners: Automated Configuration of URL Rewrite Rules, Scan Policy Optimizer and Proof of Exploitation

Category: Releases - Tags: netsparker desktop release, netsparker cloud update, new security checks, new features - Fri, 05 Feb 2016, by Robert Abela

We are excited to announce the release of Netsparker Desktop version 4.5.2 and Netsparker Cloud web application security scanning service update 20160107. There are quite a few new features to talk about, so let’s get started.

Two of the new features, automatic configuration of URL rewrite rules and the Scan Policy Optimizer, will automate more of the pre-scan process for you, making the scanning of hundreds and thousands of websites an easier task. We are also introducing the new proof of exploitation, which will definitely ease the post-scan process for you, as explained further down in this post.

These new updates also include a number of new web security checks and several internal product improvements, such as the fully responsive Netsparker Cloud dashboard. Below is a highlight of the main features.

Automated Configuration of URL Rewrite Rules in Netsparker Web Security Scanners

Netsparker scanners no longer require you to configure URL rewrite rules. The new web security scanners will automatically configure the URL rewrite rules needed to scan all the parameters in URLs. Configured URL rewrite rules also mean more efficient scans.

Automatically configured URL rewrite rules in Netsparker Desktop

It is still possible to manually configure URL rewrite rules in Netsparker scanners if you wish. However, if you do not have detailed knowledge of the target website’s setup, or have to scan hundreds or thousands of websites, you do not need to get bogged down in such a pre-scan task. Read the whitepaper Automating the Configuration of URL Rewrite Rules in Netsparker Web Application Security Scanners for more detailed information on this new unique technology.

Scan Policy Optimizer for Shorter & More Efficient Web Security Scans

Optimized scan policies mean shorter and more efficient scans, though not everyone has the time or knowledge to manually optimize web security scan policies. For this reason, our automation-obsessed engineers came up with the Scan Policy Optimizer: a wizard-based optimizer that enables you to optimize scan policies according to your target website, within just a minute.

Scan Policy Optimizer Summary

Proof of Exploitation, So You Do Not Have To Verify All The Scanner Findings

Automatic exploitation of identified vulnerabilities is something we pioneered with the first release of Netsparker web application security scanner. With such technology you do not have to manually verify all of the scanner’s findings, which eases the post-scan process.

We have been continuously improving this unique technology ever since, and with this new release we are announcing a major improvement: proof of exploitation. Upon automatically exploiting a vulnerability, the scanner will also generate a proof of the exploit. For example, in the case of a Command Injection, the scanner will send certain commands and show the server's response to the command injection in the vulnerability report.

Proof of a command injection

In addition to marking the vulnerability as “CONFIRMED”, Netsparker now provides conclusive proof as well.

Export Identified Web Security Flaws as Issues into GitHub and Team Foundation Server with just a Click

You can now configure Send To actions in Netsparker web application security scanner to migrate identified security flaws to GitHub and Team Foundation Server with just a single mouse click. All you need to do is configure the credentials and projects. Then simply right-click an identified vulnerability and select the server you would like to automatically add it to as an issue in your projects.

Export identified web vulnerabilities to JIRA, GitHub and other bug tracking and source control systems

Responsive Netsparker Cloud Dashboard for Mobile and Tablet Users

The newly updated Netsparker Cloud dashboard is fully responsive. Now you can check the status of your web application security scans from your mobile phone or tablet. There is no difference between accessing Netsparker Cloud from your portable device and from your computer; you can still review scan results, assign vulnerabilities as tasks and launch new web application security scans.

  • List of scheduled and completed web security scans in Netsparker Cloud
  • Summary of vulnerabilities identified on target website in Netsparker Cloud
  • Lists of tasks in Netsparker Cloud
  • Dashboard in Netsparker Cloud
  • A cross-site scripting vulnerability reported in Netsparker Cloud
  • Scan summary of target website in Netsparker Cloud
  • Scan policies in Netsparker Cloud

New Web Security Checks in Netsparker Desktop & Netsparker Cloud

Here are some of the new web security checks included in the latest version of the Netsparker web security scanners:

  • Check for outdated and possibly vulnerable JavaScript libraries
  • Hidden directory checks for detection of admin panels
  • Security checks for Windows short file/folder name disclosure
  • Ruby on Rails and RubyGems security checks such as:
    • checks for database configuration files
    • checks for version in HTTP responses
    • check if version is out of date
    • check for status of development mode
  • Backdoor checks for MOF Web Shell and DAws.
  • New attack patterns for "boot.ini" LFI checks.
  • MySQL "LIMIT" injection attack patterns.
  • MSSQL error based SQLi attack payloads.
  • New knowledge base nodes for SSL issues, CSS and slow pages

Improved Security Checks

  • MySQL "LIMIT" injection attack patterns.
  • MSSQL error based SQLi attack payloads.

Other Noteworthy Features & Improvements

  • New template for HIPAA compliance report
  • Windows 10 support
  • Added syntax highlighting in HTTP request and response viewers for XML, JSON, CSS, JavaScript, etc.
  • Several performance and memory management improvements

Complete List of What is New and Improved in New Netsparker Scanners

For a complete list of what is new and what has been improved in the latest versions of Netsparker Desktop and Netsparker Cloud refer to the changelog.

Automate More of Your Web Application Security

Web application security is difficult, hence the tools and services your business invests in should be easy to use and help you automate as much as possible. This is exactly what Netsparker web security scanners do: help you identify vulnerabilities in web applications and ensure they are fixed with the least possible effort from your end. Apply now for a free trial of Netsparker Cloud or download a demo of Netsparker Desktop to see the difference.
