Netsparker Desktop Updated with DROWN SSL/TLS Security Check and More
This post gives an overview of what is new and improved in the latest Netsparker Desktop updates. The new updates also include new security checks for the new DROWN SSL/TLS vulnerability and several new security checks for the HSTS mechanism.
This month we have already released two updates for Netsparker Desktop web application security scanner. Below is an overview of what is new and improved.
New DROWN SSL Security Check
Netsparker Desktop will automatically check if the target is vulnerable to the DROWN vulnerability. We released the update just two days after the vulnerability was made public, in version 22.214.171.12405. DROWN is another SSL/TLS vulnerability with which attackers can force people to use insecure algorithms, thus allowing them to read the communication between the user and the server. You can read more about the DROWN vulnerability from the vulnerability website.
New HSTS Security Checks
In version 4.5.8 of Netsparker Desktop we also included a number of new security checks for the HTTP Strict Transport Security (HSTS) mechanism.
Other Improvements in Netsparker Desktop
In this March update of Netsparker Desktop web application security scanner we have also:
- Improved the heuristic URL Rewrite technology so it can detect even more URL Rewrite patterns and improve the efficiency of the crawler,
- Optimized several existing security checks,
- And much more.
For more detailed information on what is new, improved and also fixed in version 126.96.36.19929 of Netsparker Desktop please refer to the Netsparker Desktop changelog.