Netsparker 3.2 - 22nd January 2014

Read the blog post for more details about this version

NEW WEB SECURITY TESTS

  • Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path

  • Added Programming Error Message vulnerability detection for SOAP faults

  • Added AutoComplete vulnerability for password inputs

  • NuSOAP version disclosure

  • NuSOAP version check

NEW FEATURES

  • SOAP Web Services scanning - ability to scan SOAP web services for security issues and vulnerabilities

  • Request and Response viewers to view HTTP requests/responses like XML and JSON tree views

  • New knowledge base node that will include all AJAX/XML HTTP Requests

  • New value matching options for form values other than regex pattern (exact, contains, starts, ends)

  • New report template for parsing source information Crawled URLs List (CSV)

IMPROVEMENTS

  • Improved XSS vulnerability confirmation

  • Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources

  • Added latest version custom field for the version vulnerabilities

  • Added standard context menus to text editors

  • Sitemap tree will display nodes of JSON, XML and SOAP requests and responses with no parameters

  • Added force option to form value settings to enforce user specified values

  • Optimized attack patterns for JSON and XML attacks by reducing attack requests

  • Optimized Common Directories list and removed the limit for Extensive Security Checks policy

  • Improved the license dialog to show whether a license is missing or expired

FIXES

  • Fixed update dialog to not show in autopilot mode

  • Fixed an interim auto update crash

  • Fixed typo in Out of Scope Links knowledge base report template

  • Fixed an issue in LFI exploiter where XML tags with namespace prefixes was preventing exploitation

  • Fixed Controlled Scan button disabled issue for some sitemap nodes

  • Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template

  • Fixed form authentication wizard to use user agent set on currently selected policy

  • Fixed zero response time issue for some sitemap nodes

  • Fixed dashboard progress bar showing 100%

  • Fixed random crashes on license dialog while loading license file or closing dialog

  • Fixed Microsoft Anti-XSS Library links on vulnerability references