A new version of Netsparker is here! It took us a while to get this one out, and it brings many minor and major changes, updates, engine improvements and a new engine. As usual, it's free for all current subscribers: all you need to do is click “Help > Check for Updates” to update your Netsparker Professional / Standard edition.
We added a new engine to detect Command Injection when the output of the command is not visible in the HTTP Response.
Better SQL Injection Tests
We focused heavily on increasing SQL Injection coverage in this release and improved the Error Based SQL Injection and Blind SQL Injection engines a lot. They now find more corner cases, including SQL Injections in INSERTs, UPDATEs, COLUMN fields, TABLE fields and lots of other not-so-common places.
Error based SQL Injection exploitation now supports MSSQL, MySQL, ORACLE and Postgres databases.
The post-exploitation check for "Database User has Admin Privileges" issues now supports MSSQL, MySQL, ORACLE and Postgres.
Client Certificate Authentication Support
You can now test applications that require a Client Certificate, and this support is integrated with the Windows Certificate Store.
Netsparker now maps all identified vulnerabilities to PCI 1.2, OWASP Top 10 - 2010, WASC, CWE and CAPEC. Related references can be found in the vulnerability view and in PDF, XML and HTML reports.
New Save Files
You can now double-click Netsparker Save Files to open previously saved scans. While doing this, we also made sure that all auto-saved scans are stored in the recent files list, so you can easily access your previous scans.
Old School Changelog