Netsparker 4.1.0 - 12th May 2015

NEW SECURITY TESTS

* Form Hijacking Security Checks added
* Base Tag Hijacking Security Checks added

IMPROVEMENTS

* Added several new backup file checks to improve the coverage
* Improved the number of combinations that Common Directory checks find
* Added support for using digits in custom URL rewrite parameter names
* Added new XSS attack patterns to detect a full URL vulnerability and remote XSS attacks
* Added HTTP POST method support for Open Redirection security tests
* Improved resource finder behavior by falling back to GET requests when HEAD requests fail
* Improved detection of XSS vulnerabilities in CSS blocks
* Improved vulnerability template for Open Redirection vulnerabilities
* Increased coverage by finding LFI vulnerabilities exposed to file:// protocol
* Set default maximum vulnerability report limit to 1000 for active engines
* Improved detection of Remote Code Execution and DoS in HTTP.sys vulnerability

FIXES

* Fixed a race condition issue which occurs while adding new links on DOM simulation
* Fixed an InvalidOperationException issue which occurs while trying to apply token parameter values
* Fixed incorrect parsing of multiple response headers with the same name on DOM simulation and DOM XSS attacks
* Fixed a vulnerability template generation issue where temporary files were being kept on disk
* Fixed installer to handle .NET framework versions released after 4.5.2
* Fixed the incorrect description text for the SQL Injection security test in the scan policy editor dialog
* Fixed the "Maximum 404 Pages to Attack" scan policy option, which previously limited the maximum page number to 10 regardless of the value set for this option