We are very happy to announce the September 2017 update of Netsparker Enterprise. In this update, we included new features, a good number of improvements, new security checks and numerous bug fixes. Here is an overview of what is new and improved in this September 2017 update of Netsparker Enterprise.
Configurable List of Parameter Names for Improved Handling of Anti-CSRF Tokens
We love automation! Netsparker can scan a website that uses Anti-CSRF tokens, without you having to disable them. Now you can also add a list of parameter names that use Anti-CSRF tokens, so the scanner can scan them successfully, without being hindered by the Anti-CSRF tokens.
Attacking Optimization Options for Recurring Parameters on Different Pages
When this option is enabled, Netsparker will identify the same parameters that are used on multiple pages, so not to scan them multiple times. Some examples of such parameters are search widgets, newsletter subscription and similar forms. Such setting can be enabled from the Attacking section of a Scan Policy.
Support for Multiple Configured Credentials
In Netsparker Enterprise now it is possible to configure multiple Basic, NTLM and Digest authentication credentials for the same target. So if your website has multiple password protected areas, and each of them requires different credentials, or use different authentication mechanisms, you can configure them in Netsparker Enterprise and scan all password protected areas in one single scan. For more information on how to configure multiple sets of credentials refer to the section Configuring multiple sets of credentials and URLs in the document Configuring Basic, NTLM & Digest Authentication in Netsparker.
Other Notable Features
In this September 2017 update of Netsparker Enterprise we have also added the following:
- Ability to configure custom HTTP headers for a scan
- Added the new Site Profile node in the Knowledge Base
New Security Checks & Product Improvements
In this update, we included numerous new security checks, product and security checks improvements. Since the list is too long (yes we really worked hard over the summer) we cannot include it in this blog post. Please refer to the Netsparker Enterprise changelog for a detailed list of what is new, improved and fixed in this update of Netsparker Enterprise.