
Netsparker 3.2 Released - New Features Overview

Category: Releases - Tags: netsparker release , netsparker improvements , web services scanner - Mon, 18 May 2015, by Robert Abela

We are happy to announce version 3.2 of the false-positive-free Netsparker Web Application Security Scanner. The new version includes several new features, improvements that make web vulnerability scans more efficient, and a number of bug fixes. The main highlight of this version is the web services scanner: Netsparker users can now scan SOAP web services automatically and identify vulnerabilities and security issues in them.

Read this article for more information about all of the new features in Netsparker version 3.2.

Identify Vulnerabilities and Security Issues in SOAP Web Services

Netsparker 3.2 brings one of the long-awaited features, SOAP web services scanning, to the table. Netsparker is now capable of crawling WSDL files and generating proper HTTP requests for each SOAP operation it discovers, so that it can identify security issues and vulnerabilities in them. Scanning a web service with Netsparker is as easy as scanning a web application: just point Netsparker to your WSDL link and click the Start Scan button. The following screenshot shows a Boolean SQL Injection identified in a SOAP request on the target web service implementation.

Boolean SQL Injection identified in a SOAP request on the target web service implementation

Scanning a Web Application and Web Service Automatically in a Single Scan - Hybrid Scanning

Netsparker also supports what we call Hybrid Scanning: scanning a web application and its web services in a single scan. You can point Netsparker to the root of your web site, and if the crawler identifies a WSDL file it will also scan the identified web service in the same security scan. One of the benefits of this scanning style is that if an attack against your web service endpoint surfaces on some other part of your web site, for example as a permanent (stored) XSS vulnerability, Netsparker will report it.

Import Offline WSDL Files to Start a Web Service Security Scan

WSDL files do not necessarily need to be served by the target server for Netsparker to scan a web service. If you have disabled WSDL generation on your production servers due to security concerns, you can import the WSDL file from disk into Netsparker before starting the scan. Netsparker will parse the imported WSDL document and add the necessary SOAP requests to the crawler. WSDL files are imported through the same interface in the Start a New Scan dialog that the existing Fiddler, Paros and other importers use.
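To make concrete what the WSDL-driven scan described in this and the previous section does, here is an added example (not Netsparker's code): it parses a WSDL 1.1 document, whether fetched from the target or read from disk, builds a SOAP 1.1 request for each operation, and checks each parameter for Boolean-based SQL injection by comparing a baseline response against a true-condition and a false-condition payload. The WSDL, the product table, the `catalog.example` URL and the two in-process endpoints (one concatenating the parameter into SQL, one using a bound parameter) are all constructed for the example; a real scanner would POST the envelope over HTTP to the `soap:address` location.

```python
"""Added example, not Netsparker's code: parse a WSDL, build SOAP requests per
operation and probe each parameter for Boolean-based SQL injection. The WSDL,
the product table and the two in-process endpoints are constructed."""
import sqlite3
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "xs": "http://www.w3.org/2001/XMLSchema"}
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
TNS = "urn:example:catalog"  # target namespace of the constructed service

# Constructed WSDL 1.1: one document/literal operation, GetProduct(id).
SAMPLE_WSDL = f"""<definitions name="Catalog" targetNamespace="{TNS}"
    xmlns="{NS['wsdl']}" xmlns:soap="{NS['soap']}" xmlns:xs="{NS['xs']}" xmlns:tns="{TNS}">
  <types><xs:schema targetNamespace="{TNS}">
    <xs:element name="GetProduct"><xs:complexType><xs:sequence>
      <xs:element name="id" type="xs:string"/>
    </xs:sequence></xs:complexType></xs:element>
  </xs:schema></types>
  <message name="GetProductIn"><part name="body" element="tns:GetProduct"/></message>
  <portType name="CatalogPort"><operation name="GetProduct"><input message="tns:GetProductIn"/></operation></portType>
  <binding name="CatalogBinding" type="tns:CatalogPort">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetProduct"><soap:operation soapAction="{TNS}/GetProduct"/></operation>
  </binding>
  <service name="CatalogService"><port name="CatalogPort" binding="tns:CatalogBinding">
    <soap:address location="http://catalog.example/soap"/>
  </port></service>
</definitions>"""

def parse_wsdl(wsdl_text):
    """Return (endpoint URL, target namespace, {operation: (soapAction, [params])}).
    Assumption: document/literal with the request element named after the operation."""
    root = ET.fromstring(wsdl_text)
    tns = root.get("targetNamespace")
    location = root.find("wsdl:service/wsdl:port/soap:address", NS).get("location")
    operations = {}
    for op in root.findall("wsdl:binding/wsdl:operation", NS):
        name = op.get("name")
        soap_op = op.find("soap:operation", NS)
        action = soap_op.get("soapAction", "") if soap_op is not None else ""
        req_el = root.find(f"wsdl:types/xs:schema/xs:element[@name='{name}']", NS)
        params = [] if req_el is None else [
            e.get("name") for e in req_el.iter(f"{{{NS['xs']}}}element") if e is not req_el]
        operations[name] = (action, params)
    return location, tns, operations

def build_envelope(tns, op_name, params):
    """Serialise a SOAP 1.1 request; ET escapes <, > and & in parameter text."""
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    req = ET.SubElement(ET.SubElement(env, f"{{{SOAP_ENV}}}Body"), f"{{{tns}}}{op_name}")
    for key, value in params.items():
        ET.SubElement(req, f"{{{tns}}}{key}").text = value
    return ET.tostring(env, encoding="unicode")

def _param(envelope, op_name, name):
    return ET.fromstring(envelope).find(f".//{{{TNS}}}{op_name}/{{{TNS}}}{name}").text or ""

def _catalog_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [("1", "Widget"), ("2", "Gadget")])
    return db

def vulnerable_endpoint(envelope):
    """Constructed target that concatenates the SOAP parameter into SQL."""
    pid = _param(envelope, "GetProduct", "id")
    rows = _catalog_db().execute("SELECT name FROM products WHERE id = '%s'" % pid)
    return "".join(r[0] for r in rows)

def hardened_endpoint(envelope):
    """Same service with a bound parameter; injected quotes match no row."""
    pid = _param(envelope, "GetProduct", "id")
    rows = _catalog_db().execute("SELECT name FROM products WHERE id = ?", (pid,))
    return "".join(r[0] for r in rows)

def probe_boolean_sqli(send, tns, op_name, params, target, base="1"):
    """Boolean-based blind check: a true condition must leave the baseline
    response unchanged and a false condition must change it."""
    call = lambda v: send(build_envelope(tns, op_name, {**params, target: v}))
    baseline = call(base)
    return call(base + "' AND '1'='1") == baseline and call(base + "' AND '1'='2") != baseline

def scan_wsdl(wsdl_text, send):
    """One request per operation, every parameter probed. `send` stands in for
    HTTP transport: envelope in, response body out."""
    _location, tns, operations = parse_wsdl(wsdl_text)
    findings = []
    for op_name, (_action, params) in operations.items():
        defaults = {p: "1" for p in params}
        findings.extend((op_name, p, probe_boolean_sqli(send, tns, op_name, defaults, p))
                        for p in params)
    return findings

if __name__ == "__main__":
    print("vulnerable:", scan_wsdl(SAMPLE_WSDL, vulnerable_endpoint))
    print("hardened:", scan_wsdl(SAMPLE_WSDL, hardened_endpoint))
```

The check requires both halves of the comparison: a parameter that simply rejects any quote would make the false-condition response differ from the baseline, so the true-condition payload must also reproduce the baseline before the parameter is flagged. Against the hardened endpoint both payloads are treated as literal strings, match no row, and the probe correctly reports nothing.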

New Knowledge Base Node for Web Services

SOAP web services discovered during the security scan will also be reported in a new separate Knowledge Base node. You can see each operation of the discovered web services under Web Services (SOAP) node.

Web Services Standards Supported by Netsparker v3.2

In its current incarnation, Netsparker supports the following web service standards:

New Request and Response Viewers for New HTTP Request Formats

With the growing number of HTTP request formats that Netsparker supports in its recent versions, a better way of presenting these requests and responses was needed. Netsparker 3.2 therefore introduces much improved request and response viewers, which can render JSON and XML documents as tree views. The following screenshot shows a SOAP request and response in the XML viewers:

New request and response viewers in Netsparker show SOAP requests and responses using the XML viewers

AJAX Knowledge Base Node

Netsparker now also reports any AJAX (XMLHttpRequest) requests under a new knowledge base node:

Ajax Knowledge Base node where AJAX and XML HTTP requests will be listed on Netsparker

Complete Change Log for Netsparker 3.2

For a complete detailed changelog of what is new and improved in the latest version of Netsparker please visit the Netsparker Change Log.
