Last year we released a Netsparker update on an almost monthly basis. This year we’ve been a little quieter, but we have not been sitting still. We have been working on a major update that we're delighted to be able to announce today – the new Netsparker Team and Enterprise plans!
This May 2018 update is not just about the new plans – that’s just the highlight. Read this post for an overview of all is new, improved and fixed in this major update of the Netsparker Web Application Security Scanner.
All New Netsparker Standard, Team & Enterprise Plans
There will no longer be a distinction between Netsparker Desktop and Netsparker Enterprise in licensing or pricing. We have integrated the two editions in our new plans. Now, when you purchase the Netsparker Team or Enterprise plan, you will have access to both the on-premises Windows software (Netsparker Desktop) and the hosted or on-premises edition of Netsparker Enterprise.
To complement these plans, we have added new functionality in both editions that enables you to connect them, and then easily share scanning and vulnerability data between them. We have explained the advantages of these new plans over individual licenses, and the integration functionality in our Integration Announcement.
This same approach is being applied to all of the editions’ scanning capabilities and coverage. Since both Netsparker Enterprise and Desktop solutions use the Proof-Based
Support for Single Sign-On
We have always encouraged our users – especially those who integrate Netsparker Enterprise in their SDLC, DevOps and other environments – to involve their entire team in the process of identifying, triaging and fixing vulnerabilities.
Now, including the team in all processes is much easier with the introduction of Single Sign-On support. Anyone who needs to access scan and vulnerability data on the Netsparker dashboard can easily do so securely, without the need to
Developers use many off-the-shelf web applications, frameworks and third-party components in their custom web applications. And, why not? Why reinvent the wheel when someone else has already done it for you?
The problem, as with every other type of software, is that these off-the-shelf components need to be kept up to date to address any security issues they might have. Netsparker has provided a solution. We have an extensive database that also contains security checks for
New User Interface & Visual Features
This latest Netsparker update has an awesome new UI and visual features.
A New Skin for Netsparker Desktop
Once you launch Netsparker, you’ll immediately notice the new skin of the on-premises scanner: new
We have also replaced the top drop-down menus with a new ribbon to make the features more accessible to you, a concept you'll already be familiar with from Microsoft Office.
Multi-display lovers will undoubtedly enjoy this feature. All panels in Netsparker Desktop, such as the sitemap, scan progress
New Security Checks & Improved Coverage
To ensure that our scanner continues to
- Server-Side Template Injection security checks (Malicious users can exploit this type of server-side flaw by managing to do unauthorized changes to a website template, possibly adding own malicious code, so when the template is parsed by the web application the attacker can read sensitive data and in some cases it can even lead to remote code execution.)
- Expect-CT HTTP header security check (Netsparker checks that the Expect-CT HTTP header is properly implemented. The Expect-CT (certificate transparency) HTTP header is used by websites to report and even enforce the Certificate Transparency requirements, which are basically used to request a browser to check that the website's certificate is valid (i.e. is listed in the public CT logs). Refer to the Certificate Transparency official website for more information).
- Improved the Anti-CSRF token support to also support tokens in HTTP headers and HTML meta tags.
Other Notable Highlights in this May 2018 Netsparker Update
- Smart Card authentication support (support for PKCS#11 certificates on smart cards on authenticated scans)
- Improved support for Swagger, YAML, React and similar web technologies
An newOWASP Top 10 2017 compliance report template
- Support for multiple sitemaps in robots.txt
- And many other updates