We’re delighted to announce the release of Netsparker Standard 5.4. The highlights of this release are:
- Custom Security Checks via a Scripting feature
- HMAC Authentication Support via a Scripting feature
Other new features include Web Cache Deception Security Checks, Manual Authentication and new Send To Actions integrations.
We have two new security checks in this release:
- Custom Security Checks
- Web Cache Deception Security Checks
Custom Security Checks
For more information, see Custom Security Checks via Scripting.
Web Cache Deception Security Checks
We have added a Web Cache Deception engine to the list of Security Checks. Web cache deception is a new web attack vector that affects various technologies, such as web frameworks and caching mechanisms. The attack takes advantage of default behaviors and poor configurations of various technologies that are involved in the application's architecture.
We have two new authentication methods in this release:
- HMAC Authentication Support via Scripting
- Manual Authentication
HMAC Authentication Support via Scripting
This new authentication method will allow you to import and replay your pre-recorded requests. You will be able to playback any sequence of HTTP requests prior to a scan. It will not replace Form Authentication method but will act as a backup in cases where Form Authentication may fail with the user’s web site. Netsparker will support all the Import Links formats with the new authentication method, since it will use a similar technology.
Send To Integration
Users will be able to send vulnerability details to:
- Microsoft Teams
For further information on all the Send To integrations available for Netsparker Standard, see Issue Tracking Systems.
For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard changelog.