Netsparker Cloud Update - 30th June 2016
NEW SECURITY CHECKS
- Added Samesite cookie attribute check.
- Added Reverse Tabnabbing check.
- Added Subresource Integrity (SRI) Not Implemented check.
- Added Subresource Integrity (SRI) Hash Invalid check.
- Various memory usage improvements to better handle large websites.
- Improved vulnerability templates by adding product information when a 3rd party web application (WordPress, Drupal, Joomla, etc.) is discovered.
- Improved DOM simulation by supporting HTTP responses that is translated to HTML web pages using XSLT.
- Improved coverage of Local File Inclusion security check engine.
- Improved the automatic form authentication script to click the "button" HTML elements if no suitable button is found.
- Improved the "HTML Base Tag Hijacking" vulnerability template.
- Improved the long-term memory usage of the DOM simulation and cross-site scripting (XSS) scanning.
- DOM simulation smart filtering now prunes unnecessary DOM branches.
- Improved the detection of "Redirect Body Too Large" vulnerability.
- Fixed the "Cross-site Scripting via Remote File Inclusion" vulnerability, which was not being confirmed automatically.
- Fixed the incorrect form value issue when the #DEFAULT# form value is removed.
- Fixed an HTTP Archive Importer issue during which the POST method was parsed as GET when postData is empty.
- Fixed a bug in which a GWT parameter that contained a Base64 encoded value was not detected.
- Fixed a time span parsing bug in Knowledge base report templates.
- Fixed an issue in which some vulnerabilities are treated as fixed while retesting.
- Fixed an issue in which XSS proof URL was missing alert function call.
- Fixed a NullReferenceException that can be thrown by the Subresource integrity security checks.
- Fixed cURL login sample in API documentation.