January 2017 Netsparker Desktop Update
The highlight of this January 2016 update of Netsparker Desktop web application security scanner is the Netsparker Hawk vulnerability testing infrastructure, which enables the scanner to find a number of vulnerabilities that it was not able to detect before.
We might have skipped the December 2016 update of Netsparker Desktop, but we are starting 2017 with a bang! We are happy to announce the release of the Netsparker Hawk with the latest update to the Netsparker Web Application Security Scanner.
What is Netsparker Hawk?
Netsparker Hawk is a vulnerability testing infrastructure that we built. It is used by our web application security scanner to automatically detect more vulnerabilities, mainly those types that cannot be detected using the typical request-response method. Some of the vulnerabilities that the Netsparker scanner can now find through the Netsparker Hawk infrastructure are:
- Out-of-band Code Evaluation
- Out-of-band Command Injection
- Out-of-band Remote File Inclusion (RFI)
- Out-of-band SQL Injection
- Blind Cross-site Scripting (XSS)
- XML External Entity (XXE) Injection
- Server-Side Request Forgery (SSRF)
For more information on how the Netsparker Hawk works, and how the web application security scanner will be using it to detect the above web application vulnerabilities read How Netsparker detects Server-Side Request Forgery and Out-of-band vulnerabilities.
Other Improvements and Updates with Netsparker Desktop 4.8
In this update we also added new security checks for Stored DOM based XSS, added automatic confirmation for Frame Injection vulnerabilities, improved the performance of the DOM simulator, improved the coverage of Open Redirect security checks and fixed several issues. For a complete list of what is new, improved and fixed in this version of Netsparker Desktop please refer to the changelog.