This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
18th March 2015, London – Netsparker Ltd today announced the release of Netsparker Desktop version 4, the leading false positive free web application security scanner that simulates malicious hacker attacks and enables users to automatically identify vulnerabilities and security flaws in their websites and web applications.
The new version of the desktop edition of Netsparker web application security scanner is very easy to use even when compared to its predecessors. It can automatically scan and identify vulnerabilities in web applications built with Google Web Toolkit and in file upload forms. It also has an all new fully automated form authentication mechanism, as explained below.
Easily Scan Password Protected Websites
The new authentication mechanism of Netsparker Desktop emulates a real user login. An out of the box installation supports two-factor authentication and other one time tokens that are typically used in modern websites.
Configuring form-based authentication in Netsparker Desktop is easier than ever before. There is no need to record any macros: just enter the login form URL and the credentials, and the rest is done automatically by the scanner.
Automatically Scan Google Web Toolkit Web Applications
Scanning Websites & Web Applications Just Got Easier
Netsparker Desktop is the web application security scanner of choice for many because it is very easy to use. With the new Start a New Scan dialog, launching an automated web application security scan just got easier.
The new Start a New Scan dialog only contains the generic scan settings that are typically required to launch a web application security scan, such as scope settings, URL rewrite rules, imported links and authentication settings. Other advanced scan settings, such as HTTP connection details, can be configured from the Scan Policy Editor.
Identify Vulnerabilities in File Upload Forms
Many modern web applications, such as e-banking and customer portals, and even popular social networking services such as Facebook and Twitter, allow users to upload files. Such file upload forms can lead to many security issues that might allow malicious attackers to gain complete access to your servers.
Using the new version of Netsparker Web Application Security Scanner, you can now automatically scan file upload forms and check if they are vulnerable to malicious attacks. For example, Netsparker will alert you if the file upload form has good validation in place or if any of the security validation checks can be bypassed.
Other New Netsparker Desktop Features, Security Checks and Improvements
Apart from the above, the new version of Netsparker also includes some other new features and security checks. Below are a few new vulnerability checks that are included in the new version of Netsparker Desktop:
- Cross Frame Options Security checks
- XML External Entity vulnerability
- Cross Origin Resource Sharing checks
In the new version of Netsparker Desktop there are also a good number of product improvements which are fundamental to ensure more efficient and accurate web application security scans. Below is a list of just a few of the improvements in Netsparker version 4:
- DOM XSS attack patterns have been improved for more accurate detection
- Increased the coverage of Open Redirect vulnerabilities
- Improved connection string detection to cover more cases and run faster
- Added Retest All functionality allowing users to easily retest all identified vulnerabilities
For more details about what is new and improved in the latest version of the web application security scanner Netsparker Desktop, read the Netsparker Desktop 4 Features Highlights.