Download Netsparker
Pricing
Blog
Contact
Netsparker

Netsparker 2.4.2.0 Supports Custom HTTP Headers in Automated Web Application Security Scans

Category: Releases - Tags: netsparker release , features highlight , custom http headers - Fri, 11 Apr 2014, by Onur Yılmaz

If you used Chrome browser you know how great its update system is, just like you we love that feature of Chrome, so we implemented a similar seamless update system for Netsparker Web Application Security Scanner. It’ll update what’s only necessary and install in the background without requiring any extra steps or clicks. This is an important step for the future of Netsparker, as this will allow us to push much more features to you without waiting too long.

New Error Reporting and Help Desk Integration

This is one of those things we hope you’ll never, ever see!

We provide really extensive and quick support and proud of it. To make it even better if Netsparker crashes on you now you see an interface which will attempt to look for a known solution and show you the solutions for that problem. If there are no known issues or the problem hasn’t solved for you after trying you’ll able to create a help desk ticket from Netsparker and our support team will get back to you swiftly.

Custom HTTP Headers

For those special applications or any interesting setup now you can add custom HTTP Headers to all requests done by Netsparker.

New Security Checks

  • Possible Windows Username Disclosure vulnerability detection
  • LigHTTPD Directory Listing vulnerability detection
  • Nginx Directory Listing vulnerability detection
  • LiteSpeed Directory Listing vulnerability detection
  • Generic Email Address Disclosure vulnerability detection (Now Generic Email Address Disclosure and Email Address Disclosure reported separately)
  • LigHTTPD Version Disclosure vulnerability detection
  • Nginx Version Disclosure vulnerability detection
  • SharePoint Version Disclosure Detection
  • IIS 8 Default Page Detection
  • Struts2 Development Mode Enabled Detection

Security Check Improvements

  • Highlighting added for Out of Date vulnerabilities
  • A new ASP.NET XSS bypass
  • New LFI (Local File Inclusion) checks
  • Improved Apache version matching
  • Improved HTTP Header Injection engine
  • Improved Unix Internal Path Leakage detection
  • Improved vulnerability reports by fixing typos and improving the language used
  • Improved Social Security Number vulnerability detection
  • Improved XSS engine where an extra slash character was causing problems

Other Fixes & Improvements

  • Lots of new default form values added. This can be configured from “Settings > Form Values”
  • Decreased the amount of request done by stripping unnecessary URLs produced by Netsparker attacks
  • Improved binary detection
  • Improved Detailed Scan Report where it handles long non-breaking lines better
  • Improved Configure Form Authentication wizard to exclude monitoring unrelated requests
  • Improved extensibility API where headers now can be accessed via keys (header names)
  • Improved Target URL text box in Start a New Scan dialog where it no more auto fills the email address in the clipboard
  • Improved Detailed Scan Report code by slightly refactoring
  • Improved User Manual documentation
  • Improved splash screen which no more steals focus
  • Fixed some external links in XSS documentation
  • Fixed a resource deployment bug which causes file access violations
  • Fixed a bug in JavaScript / AJAX Parser
  • Fixed Unicode non-breaking space character issue for report templates
  • Fixed intermittent TypeLoadException for ExtensibilityDelegateCollection bug
  • Fixed visual glitches seen on higher DPI settings
  • Fixed the incorrect behavior when Microsoft .NET Framework 4 Client profile is used. Netsparker will only launch on Extended edition
  • Fixed InvalidOperationException error while trying to generate a Crawled URL List report during a scan
  • Fixed "Token substitution failed." error when an HTTP request fails
  • Fixed a bug which crashes Netsparker when “Trebuchet MS Regular” style font is not installed
  • Fixed "InvalidOperationException: Stack empty." bug in Crawler
  • Fixed .NET URI decode bug occurs while unescaping path dots and slashes
  • Fixed a bug where the ViewState is highlighted wrong on the GUI
  • Fixed a bug where starting a new scan crashes Netsparker with NullReferenceException
  • Fixed a bug where Form Values settings grid was reporting an unexpected empty field error
  • Fixed a bug where regular 404 pages are added to Sitemap when Custom 404 is disabled
  • Fixed URI parsing bug caused by mailto: links
  • Fixed a bug which happens when you try to open Start a New Scan dialog while Netsparker is loading
  • Fixed Anti-CSRF token extraction when multiple forms exist in a page
  • Fixed a bug where false-positive "Redirect Body Too Large" vulnerability is reported when url location is double-encoded in body
  • Fixed an issue where "JavaScript / AJAX Parser" was making requests to image resources

Update

If you have a valid Netsparker Professional or Standard license then all you need to do is click "Help > Check for Updates" to update to Netsparker 2.4.2.0. Your next update will be delivered by the new seamless update system.

 

Netsparker Wep Application Security Scanner Find and Exploit vulnerabilities in Web Applications with Netsparker

Request Demo version of Netsparker ProfessionalorBuy Netsparker Professional

Follow us