Netsparker 4.0.2 - 20th April 2015

NEW SECURITY CHECKS

* Added RSA Private Key Detected vulnerability check

IMPROVEMENTS

* Improved Credit Card Disclosure detection
* Now reporting the cookie name in the "Cookie values used in Anti-CSRF token" issue
* Improved "Delegated event" simulation in DOM Parser
* Improved comment order in knowledgebase by displaying comments having sensitive keywords first
* Improved the wording at "ViewState is not Encrypted" vulnerability report template
* Improved DOM Parser and DOM XSS by providing the received response headers to JavaScript context
* Improved Exclude/Include patterns to match parameter names and values in addition to the URL
* Improved resource finder to accept HTTP 401 and 500 status codes when a hidden resource is discovered
* Improved logging of regex timeout issues with additional parameter name and URL information
* Improved reporting API documentation by including more types
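As an illustration of the two content checks named above (the new Private Key Detected check and the Credit Card Disclosure check), here is an added example of the detection logic over a response body. It is not Netsparker's code; the regular expressions, the Luhn filter and the sample responses are constructed for this example.

```python
import re
from typing import Dict, List

# PEM private key block; the header label (e.g. "RSA ") is captured so the
# END line must carry the same label. [\s\S] also spans the base64 lines.
PEM_PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN ([A-Z ]*)PRIVATE KEY-----[\s\S]+?-----END \1PRIVATE KEY-----"
)

# Candidate card numbers: 13-19 digits, optionally separated by spaces or
# hyphens, and not embedded in a longer digit run (cuts session ids etc.).
CARD_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_response(body: str) -> List[Dict[str, str]]:
    """Report private key blocks and Luhn-valid card numbers in a response body."""
    findings = []
    for m in PEM_PRIVATE_KEY_RE.finditer(body):
        label = m.group(1).strip() or "GENERIC"
        findings.append({"check": "Private Key Detected", "detail": label})
    for m in CARD_CANDIDATE_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):  # Luhn filter drops most random digit groups
            masked = "*" * (len(digits) - 4) + digits[-4:]  # report masked
            findings.append({"check": "Credit Card Disclosure", "detail": masked})
    return findings


# Constructed sample responses (not a real key, not real card numbers).
SAMPLE_LEAK = (
    "<pre>-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEowIBAAKCAQEAconstructedPlaceholderNotARealKey\n"
    "-----END RSA PRIVATE KEY-----</pre>\n"
    "<p>Card on file: 4111 1111 1111 1111</p>\n"
    "<p>Order id: 4111 1111 1111 1112</p>"  # fails Luhn, so not reported
)
SAMPLE_CLEAN = "<p>Session id: 1234567890123456789012</p>"

if __name__ == "__main__":
    for f in scan_response(SAMPLE_LEAK):
        print(f["check"], "->", f["detail"])
```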

FIXES

* Fixed "Options Method Enabled" vulnerability reporting by adding status code checks
* Fixed a NullReferenceException that occurs when Netsparker is started from the command line
* Fixed an encoding issue for parameter names in multipart/form-data requests
* Fixed an issue related to form authentication verification in which the Continue button is missing on the verification dialog if there is no configured persona
* Fixed click simulation in custom form authentication scripting by preventing the extra click on elements
* Fixed an SSL connection issue where the target web server demands only TLS 1.1 or TLS 1.2 protocols
* Fixed custom data reporting in vulnerability templates by removing the extra space added to the values
* Fixed custom data reporting in vulnerability templates to get rid of the bullet point if there is only a single custom data
* Fixed an issue with "Out of Scope" links reported under knowledgebase, where links discovered by the DOM Parser were not reported
* Fixed a report template customization issue where modifying a report template while Netsparker is running was causing it to fail during report generation
* Fixed a multipart/form-data request issue where the "filename" attribute was not submitted for file upload parameters
* Fixed a dashboard issue where the progress bar is stuck on Crawl Only scans even though crawling finishes
* Fixed a custom URL rewrite bug where rules with multiple numeric parameters were not being matched
* Fixed the custom URL rewrite test interface, where previously only the visible rows were being tested