Netsparker 4.0.1 - 26th March 2015

IMPROVEMENTS

  • Improved coverage of DOM based XSS engine
  • Improved the search on raw response viewer
  • Improved form authentication API click functions to mark/unmark checkbox elements
  • Improved "Insecure transportation security protocol (SSLv3)" vulnerability template
  • Added the page URL and the number of the page as a log to verification dialog while executing custom scripts
  • Added the number of custom script pages to the hint on verification dialog and the hint now has a tooltip that displays the custom script code
  • Improved DOM parser to handle both on and off states of checkbox elements
  • Improved the message on cases where File > Import fails due to old scan file format
  • Added TextParserRegexTimeout advanced setting to modify the timeout value of pattern matching in Text Parser
  • Added the request URL as a log to tell which request has a response that matches current logout pattern of form authentication
  • Improved memory handling to prevent Out-of-memory issues during long scans
  • Improved the pattern match logs to be issued once to prevent the clutter

FIXED

  • Fixed a crash that occurs during application close while trying to log a message to UI
  • Fixed report templates to include correct lower-case versions of image file names to display them correctly on case-sensitive OS file systems
  • Fixed a crash in form authentication verification where missing persona causes issues during logout detection
  • Fixed custom script execution in form authentication to skip execution of auto login script on pages where script is deliberately left blank
  • Fixed a few crashes that occur when the custom script window is closed while the page was loading
  • Fixed an issue with logout detection where invalid URLs could be accepted as overridden login required URL
  • Fixed creation of redundant Documents\Netsparker\Credential folder on new installations
  • Fixed random missing developer tools pane on custom script window
  • Fixed a crash that happens when the form authentication verification dialog is closed during logout keyword detection
  • Fixed several memory issues where redundant object instances were not reclaimed
  • Fixed a memory issue where long parameter values causing large memory allocations
  • Fixed signature generation for URL Rewrite links