May 2020 Update for Invicti Standard 5.8

This blog post announces the May 2020 update for Invicti Standard 5.8. The highlights of this release are Pivotal Tracker integration, a Mime Type step for test website configuration, an improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.

We’re delighted to announce the release of Netsparker Standard 5.8. The highlights of this release are Pivotal Tracker integration, a Mime Type step for test website configuration, an improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.

We have also added improvements and fixes.

Pivotal Tracker Integration

We have added a Pivotal Tracker Send To integration, another Send To implementation that allows users to send vulnerability details to Pivotal Tracker. Pivotal Tracker is the agile project management tool of choice for developers around the world for real-time collaboration around a shared, prioritized backlog. Netsparker Enterprise will also have the same integration.

For further information, see Integrating Netsparker Standard with Pivotal Tracker.

Mime Type Step for Test Website Configuration

This update improves the Test Site Configuration wizard of Netsparker Standard by adding a Mime Type page. You can now download requests by selecting from a list of MIME types. This feature allows users to download the requests that belong to the http://rest.testsparker.com vulnerable RESTful web service, with their desired MIME type(s).

For further information, see How to Scan REST APIs and Web Services with Netsparker.

Improved Pre-Request Scripting API

Previous versions of Netsparker Standard had read-only access to request headers and parameters. With this update, pre-request scripts can add, remove or edit request parameters and headers. Request bodies are also exposed to the pre-request scripting API, so they can be set from pre-request scripts as well.

For further information, see Scan Settings – Pre-Request Script.

Fragment Parsing Option

We have added a Fragment Parsing checkbox option to the Crawling tab of the Scan Policy Editor dialog. You can check this option to enable parsing URI fragments in order to discover parameters in the fragment. It is enabled by default.

For further information, see Crawling.

SameSite Cookies Security Check

The SameSite cookie attribute is used to disable third-party usage of cookies, helping to prevent CSRF attacks. In this security check, the scanner checks whether the target web application sets the SameSite attribute on the website's cookies. We have also added a new vulnerability for SameSite cookies that are set to None and not marked as Secure.

For further information, see SameSite Cookies by Default in Chrome 76 and Above and How to Configure Security Checks in Netsparker Standard.
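
The two conditions described in the SameSite section above (attribute missing, and None without Secure) can be checked offline against Set-Cookie header values. The following is an added example, not Netsparker's own code: the function names and sample headers are assumptions made for illustration, and the unrecognised-value case goes beyond what the post describes.

```python
# Added example: offline audit of Set-Cookie header values for SameSite issues.
# Function names and sample data are illustrative, not part of any product API.

def parse_set_cookie(header):
    """Return (cookie_name, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    # Cookie values may contain '=', so split the name off only once.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()  # last duplicate wins
    return name, attrs


def audit_samesite(headers):
    """Return a list of (cookie_name, finding) tuples, in input order."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        samesite = attrs.get("samesite", "").lower()
        if "samesite" not in attrs:
            findings.append((name, "SameSite attribute not set"))
        elif samesite not in ("strict", "lax", "none"):
            # Extra case beyond the post: browsers ignore unknown values
            # and fall back to their default handling.
            findings.append((name, "SameSite value not recognised"))
        elif samesite == "none" and "secure" not in attrs:
            findings.append((name, "SameSite=None without Secure"))
    return findings


# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "tracking=xyz; Path=/; SameSite=None",
    "prefs=dark; Path=/",
    "widget=1; Secure; SameSite=None",
    "csrf=tok=en==; secure; samesite=strict",
    "legacy=1; Secure; SameSite=yes",
]

if __name__ == "__main__":
    for cookie, finding in audit_samesite(SAMPLE_HEADERS):
        print(f"{cookie}: {finding}")
```
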

Further Information

For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard Changelog.