Netsparker Cloud Update - 11th April 2016
New Security Checks
Added Missing X-XSS-Protection Header vulnerability check.
Added Insecure Transportation Security Protocol Supported (TLS 1.0) vulnerability check.
Added the Smart DFS feature to the DOM Parser, which uses a similarity heuristic technology for DOM elements to avoid scanning the same or similar parameters multiple times.
Improved "Not Found Analyzer" to better handle binary responses and long strings.
Added a link to the proof URL for XSS vulnerabilities.
Added link generation to Text Parser for all select element options.
Improved DOM parser to skip redirect responses.
Improved the DOM parser to use the input value for auto-suggest simulation when input is not in a form.
Improved the coverage of file upload security checks.
Improved the coverage of XSS security checks.
Improved UI of the scan policy optimized wizard.
API authentication method updated for backward compatibility.
Fixed an issue where LFI attack patterns were being reported as internal path disclosure.
Fixed the incorrect raw response representing SSL connections.
Fixed an issue where forms containing ignored parameters were not reported as a CSRF vulnerability.
Fixed a case where the change events of dynamically generated HTML option elements were not being triggered.
Fixed cross-domain document access errors on DOM parser and XSS scanner.
Fixed an issue where a JSON request's method was incorrectly recognized as POST rather than GET.
Fixed a retest issue where a vulnerability fix was reported by mistake.
Fixed form values target setting to use Name as the default value when a Target is not selected.
Fixed a file extension parsing issue related to the File Extension List knowledgebase item.
Fixed a custom form authentication API issue where the "ns" namespace was conflicting with a global variable on the target website. The auth API has been moved to the "netsparker" namespace, preserving "ns" for backward compatibility.
Fixed a DOM Parser and XSS scanner bug that incorrectly followed redirects.
Fixed a form values issue - empty form values should not set any default values for parameters.
Fixed an issue where setting the Connection request header failed.