Netsparker’s 2016 in Review

A high level overview of all the new features that we introduced in our web application security scanner during 2016.

2016 was a great year for Netsparker! We were the first (and only) web application security scanner vendor to introduce a number of cutting-edge technologies that make it possible to scale up web scanning and easily scan 100s and 1000s of websites, without having to spend hours configuring complex tools and days verifying that the vulnerabilities the scanner has detected are not false positives. In 2016 we have also introduced the monthly updates for our web application security scanner. We have also been featured in a number of interviews on some popular podcasts and more, as highlighted in this overview post.

Automating and Scaling Up Web Vulnerability Scanning

The first Netsparker update we released in 2016 focused on automation and scalability. We developed features in the scanner to help users automate much more of both the pre-scan (configuration) and post-scan (verifying the results). The February 2016 update of Netsparker scanner had: Automatic recognition and configuration of URL rewrite rules: you do not need to know the URL rewrite configuration on the target and configure the scanner to crawl and scan all the parameters on the target website. Proof-Based ScanningTM Technology: a technology that automatically generates a proof of exploit of the identified vulnerabilities, so you do not have to manually verify them. Here is a short two minute video on how this technology works, which we have also done in 2016.
In the February 2016 update of Netsparker web application security scanner we also released the:

Monthly Web Security Scanner Updates

Since April 2016 we started releasing a monthly update of both the Netsparker web scanner editions. The advantage of monthly releases is that you do not have to wait four, five or more months to start using a new feature. If a feature is developed, it means it is needed and it will help you automate more, so we will release it once it is ready. Below are some of the highlights from the 2016 product updates: Apart from all the new features and scanner improvements, every month we are introducing new web vulnerability checks and improving the existing ones. We are also frequently adding new security checks such as checks for Subresource Integrity and Content Security Policy, to help you build more secure web applications.

Free Netsparker Enterprise Scans, Interviews and More from Netsparker

In 2016 we have also announced free Netsparker Enterprise web vulnerability scans available for open source projects. Several open source projects already benefit from this campaign, including OpenCart, who are featured in this web security case study. Our CEO Ferruh Mavituna has also been interviewed several times during 2016. Starting with an interview in which he explains what is Netsparker at RSA in San Francisco, and then four more interviews on the popular security show Paul’s Security Weekly. You can watch all the interviews from the below links: We also hosted a webcast with our friends from Denim group on how to optimize your application security program with Netsparker and ThreadFix.

What’s in Store for Netsparker Web Security Scanner in 2017?

In 2016 we have pushed the boundaries of what we can automate in web application security. For 2017 the mantra will be the same. Continue improving the cloud-based and desktop editions of our web application security scanner both in terms of features, ease of use, automation and also scanning capabilities.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.