This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
15th July 2014, London – Netsparker Ltd today announced the release of Netsparker Web Application Security Scanner Version 3.5, the leading false positive free web vulnerability scanner that simulates malicious hacker attacks and enables web application security professionals to automatically identify vulnerabilities and other security issues in their web applications.
The new version of Netsparker Web Application Security Scanner can automatically detect the widely exploited DOM based cross-site scripting vulnerability in web applications. It also has a new Chrome based crawler that allows it to crawl a wider variety of web applications, and an all new user friendly wizard that allows users to easily configure URL rewrite rules to scan parameters in URLs.
Automatically Detect DOM Cross-Site Scripting with Netsparker
Unlike the traditional cross-site scripting vulnerability, DOM XSS affects the script code in the client’s web browser. Since many modern Web 2.0 and HTML5 web applications heavily depend on client-side scripts, most of them are typically susceptible to DOM XSS. As a matter of fact, malicious hackers are taking advantage of this vulnerability, making DOM XSS a commonly exploited vulnerability.
The latest version of Netsparker can automatically identify DOM based cross-site scripting vulnerabilities in modern web applications. Once the vulnerability is detected, Netsparker will report all the technical details developers need to learn about this modern vulnerability and remediate the issue as soon as possible.
Configure URL Rewrite Rules via a Wizard to Attack Parameters in URL
Unlike with other security products, configuring URL rewrite rules in Netsparker is very easy and is done via a user friendly wizard. You do not need to know about regular expressions or specify complicated patterns. You do not even need to know how the actual URL rewrite rules are written or have access to web server configuration files. Simply follow the user friendly wizard to automatically configure the URL rewrite rules.
Once URL rewrite rules are configured, the parameters used in URLs will be automatically crawled and attacked by the web vulnerability scanner to uncover any vulnerabilities affecting them.
Improved Web Applications Coverage with New Chrome Based Crawler
If a vulnerable parameter is not crawled, it won’t be scanned and the vulnerability will not be uncovered. The new version of Netsparker has a new Chrome based crawler that allows it to crawl and better understand client scripts used in modern Web 2.0 and HTML5 web applications, thus leaving no stone unturned.
With the introduction of the new Chrome based crawler, Netsparker’s coverage has been improved: Netsparker can now crawl a wider variety of web applications and detect vulnerabilities and security issues in them.
Other Netsparker Improvements and New Web Security Checks
The new version of Netsparker Web Application Security Scanner also includes a number of improvements and new vulnerability checks that allow the web vulnerability scanner to identify more vulnerabilities and scan more reliably. Below are just some highlights of the new vulnerability checks and improvements:
- Possible Source Code Disclosure for Perl, Python, Ruby and Java
- Java Stack Trace Disclosure
- Improved the coverage of Remote Code Execution via LFI vulnerabilities
- Improved cross-site scripting vulnerability confirmation patterns
- Improved the Form Authentication wizard
- Improved the DOM parser
For more details about what is new and improved in the latest version of Netsparker Web Application Security Scanner, read the Netsparker 3.5 features highlight notes.
About Netsparker Ltd
Netsparker Ltd is a young and enthusiastic UK based company. Netsparker is focused on developing a single automated web security product, the false positive free Netsparker Web Application Security Scanner. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product, Netsparker Web Application Security Scanner. Founded in 2009, Netsparker’s automated web vulnerability scanner is one of the leading security tools used by world renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.