May 2020 Update for Netsparker Standard 5.8
This blog post announces the May 2020 update for Netsparker Standard 5.8. The highlights of this release are Pivotal tracker integration, a Mime type step for test website configuration, improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.
We’re delighted to announce the release of Netsparker Standard 5.8. The highlights of this release are Pivotal tracker integration, a Mime type step for test website configuration, improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.
We have also added improvements and fixes.
Pivotal Tracker Integration
We have added Pivotal Tracker Send To integration, another send to implementation which allows users to send the vulnerability details to Pivotal Tracker. Pivotal Tracker is the agile project management tool of choice for developers around the world for real-time collaboration around a shared, prioritized backlog. Netsparker Enterprise will also have the same integration.
For further information, see Integrating Netsparker Standard with Pivotal Tracker.
Mime Type Step for Test Website Configuration
This update has improved the Test Site Configuration wizard of Netsparker Standard by adding a Mime Type page. You can now download requests by selecting from a list of mime types. This feature allows users to download the requests that belong to the http://rest.testsparker.com vulnerable RESTful web service, with their desired mime type(s).
For further information, see How to Scan REST APIs and Web Services with Netsparker.
Improved Pre-Request Scripting API
Previous versions of Netsparker Standard had read-only access to request headers and parameters. Now, with this update, we have added the ability to add, remove or edit request parameters and headers from pre-request scripts. Also, request bodies are exposed to pre-scripting API, so they can also be set from pre-request scripting.
For further information, see Scan Settings – Pre-Request Script.
Fragment Parsing Option
We have added a Fragment Parsing checkbox option to the Crawling tab of the Scan Policy Editor dialog. You can check this option to enable parsing URI fragments in order to discover parameters in the fragment. It is enabled by default.
For further information, see Crawling.
SameSite Cookies Security Check
The SameSite cookie attribute is used to disable third party usage of cookies, preventing CSRF attacks. In this security check, the scanner will check if the target web application sends the SameSite cookie attribute to the website cookies. We have added a new vulnerability for SameSite Cookies that are set to None and not marked as secure.
For further information, see SameSite Cookies by Default in Chrome 76 and Above and How to Configure Security Checks in Netsparker Standard.
For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard Changelog.