January 2021 Update for Netsparker Enterprise On-Premises 1.9.3

Netsparker Security Team - Fri, 08 Jan 2021

This blog post announces the January 2021 update for Netsparker On-Premises 1.9.3, highlighting the GitLab CI/CD Scripting Updates, Oracle WebLogic checks, and WASC Threat Classification Report.

We’re delighted to announce the release of Netsparker Enterprise On-Premises 1.9.3. The highlights of this release are the GitLab CI/CD scripting updates, Oracle WebLogic checks, and WASC Threat Classification Report.

We have also added new security checks, improvements, and fixes.

GitLab CI/CD Scripting Updates

Netsparker already supports integration with GitLab CI/CD. With this update, Netsparker can now stop the scan if the build fails in the GitLab CI/CD pipeline. A build can be failed in the GitLab CI/CD pipeline when Netsparker identifies a vulnerability of a specified severity level, such as critical or high.

GitLab CI/CD Integration

For further information, see Integrating Netsparker Enterprise with GitLab CI/CD.

Oracle WebLogic Security Checks

Netsparker Enterprise can identify two critical vulnerabilities in Oracle WebLogic Server. Oracle WebLogic Server is an application server for developing, deploying, and running enterprise applications using Java Platform Enterprise Edition.

Oracle released a critical patch update to address the critical WebLogic Server vulnerabilities CVE-2020-14882 and CVE-2020-14883. These vulnerabilities may allow attackers to compromise Oracle WebLogic Servers. Netsparker Enterprise can identify whether your web application is affected by these vulnerabilities in Oracle WebLogic Server.

Oracle WebLogic Confirmation

For further information, see Easily Exploitable Vulnerabilities in Oracle WebLogic Server.

WASC Threat Classification Report

Netsparker Enterprise allows you to generate the Web Application Security Consortium (WASC) Threat Classification report, which lists only the issues that fall under the WASC threat classification. This report is essential for organizations that want to improve their web application security.

For further information, see WASC Threat Classification Report.

Scan Group Selection in the Trend Matrix Report

The Trend Matrix report provides correlated, trending data about the status of vulnerabilities identified in your web application across several scans, so you can easily track changes in the web application. With this update, it is possible to filter the report based on the scan group created.

Trend Matrix Report

For further information, see Trend Matrix Report.

Allowed Website Limit

Netsparker allows you to create and manage team members. With this update, users with administrator privileges can determine how many websites a specific user can be responsible for. The limit is easy to set using a slider.

Team Member Invitation

For further information, see Managing Team Members in Netsparker Enterprise.

General Performance Improvements

In addition to the improvements specified above, we implemented a number of enhancements to Netsparker Enterprise. For example, the performance of the Discovery service has been improved, and we have streamlined the process of exporting reports for websites with large numbers of vulnerabilities. The performance of custom scripts has also been improved.

Further Information

For a complete list of what is new, improved, and fixed in this update, refer to the Netsparker Enterprise Changelog.