Netsparker 220.127.116.1104 - 16th June 2016
NEW SECURITY CHECKS
- Added SameSite cookie attribute check.
- Added Reverse Tabnabbing check.
- Added Subresource Integrity (SRI) Not Implemented check.
- Added Subresource Integrity (SRI) Hash Invalid check.
IMPROVEMENTS
- Various memory usage improvements to handle large web sites.
- Improved vulnerability templates by adding product information when a 3rd party web application (WordPress, Drupal, Joomla, etc.) is discovered.
- Improved DOM simulation by supporting HTTP responses that are transformed into HTML web pages using XSLT.
- Improved coverage of the LFI engine.
- Added name completion for the "Save Profile As" dialog.
- Added missing localized text for the Korean translation.
FIXES
- Fixed an issue where form authentication remembered the cookies from the previous scan when the same Netsparker instance was used for a new scan.
- Fixed the incorrect progress bar while performing a controlled scan.
- Fixed an issue where the enabled status of DOM-based XSS security checks was not being logged.
- Fixed an issue where the "Cross-site Scripting via Remote File Inclusion" vulnerability was not being confirmed.
- Fixed a JIRA Send To action issue where the port number of the JIRA service was being ignored.
- Fixed a NullReferenceException thrown when a scan was paused and resumed during form authentication.
- Fixed an incorrect form value issue that occurred when the #DEFAULT# form value was removed.
- Fixed the broken layout of input controls on the basic authentication dialog shown during form authentication.
- Fixed an error reporting issue that occurred when log file collection and/or compression failed.
- Fixed an HTTP Archive Importer issue where the POST method was parsed as GET when postData was empty.
- Fixed an ObjectDisposedException thrown on the form authentication verification dialog.
- Fixed a bug where a GWT parameter containing a Base64-encoded value could not be detected.
- Fixed a time span parsing bug in Knowledge Base report templates.
- Fixed an issue where some vulnerabilities were treated as fixed during retesting.
- Fixed an issue where the XSS proof URL was missing the alert function call.
- Fixed a typo in the "Base Tag Hijacking" vulnerability template.
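The two Subresource Integrity checks listed under NEW SECURITY CHECKS (SRI Not Implemented, SRI Hash Invalid) boil down to one passive test over a page's `<script>`/`<link rel="stylesheet">` tags. The following added example, which is not Netsparker code, shows that logic: cross-origin subresources without an `integrity` attribute are reported as not implemented, and attributes whose digest does not match the fetched body are reported as invalid. The page origin, the `cdn.example` URLs and the resource bodies are constructed sample data; `fetch` stands in for the scanner's HTTP client.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGOS = ("sha256", "sha384", "sha512")  # algorithms the SRI spec allows


def sri_hash(algo, body):
    """Return the SRI token ("sha384-<base64 digest>") for a resource body."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, body).digest()).decode()}"


class _Subresources(HTMLParser):
    """Collect (url, integrity) for every external script and stylesheet."""
    def __init__(self):
        super().__init__()
        self.items = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.items.append((a["src"], a.get("integrity")))
        elif tag == "link" and a.get("rel") == "stylesheet" and a.get("href"):
            self.items.append((a["href"], a.get("integrity")))


def check_sri(page_origin, html, fetch):
    """Return [(url, finding)] for SRI problems on one page (document order)."""
    parser = _Subresources()
    parser.feed(html)
    findings = []
    for url, integrity in parser.items:
        u = urlparse(url)
        cross_origin = bool(u.netloc) and f"{u.scheme}://{u.netloc}" != page_origin
        if not integrity:
            if cross_origin:  # same-origin resources are not flagged
                findings.append((url, "SRI not implemented"))
            continue
        body = fetch(url)
        # Simplification: accept if any token with a known algorithm matches
        # (browsers use only the strongest listed algorithm).
        tokens = [t.split("?")[0] for t in integrity.split()]
        if not any(t.partition("-")[0] in SRI_ALGOS and t == sri_hash(t.partition("-")[0], body)
                   for t in tokens):
            findings.append((url, "SRI hash invalid"))
    return findings


# Constructed sample page: lib.js carries a digest computed for an older version.
PAGE_ORIGIN = "https://app.example"
RESOURCES = {"https://cdn.example/lib.js": b"console.log('lib v2');",
             "https://cdn.example/vendor.js": b"console.log('vendor');",
             "https://cdn.example/other.js": b"console.log('other');"}
STALE = sri_hash("sha384", b"console.log('lib v1');")
GOOD = sri_hash("sha384", RESOURCES["https://cdn.example/vendor.js"])
PAGE_HTML = ('<script src="https://cdn.example/lib.js" integrity="' + STALE + '"></script>'
             '<script src="https://cdn.example/vendor.js" integrity="' + GOOD + '"></script>'
             '<script src="https://cdn.example/other.js"></script>'
             '<link rel="stylesheet" href="/local.css">')


def run_sample():
    return check_sri(PAGE_ORIGIN, PAGE_HTML, RESOURCES.__getitem__)
```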