This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
As developers build more sophisticated HTML5 web applications, they are also exposing new security issues that are as yet undetected by most of the automated tools available on the market. Netsparker 3.1 addresses such issues by understanding the new features of HTML5 during crawling and by supporting emerging development trends such as using JSON/XML payloads in HTTP requests.
These new capabilities allow Netsparker to automatically crawl, attack and find vulnerabilities in modern web applications.
20th November 2013, London – Netsparker today announced Netsparker 3.1, the leading false positive free web application security scanner, which emulates real world malicious hacker attacks during web application vulnerability detection tests, enabling businesses to develop and maintain secure websites and web applications.
The new and much improved version of the false positive free web application security scanner Netsparker allows developers, penetration testers and everyone involved in the development and securing of web applications to automatically identify the latest trend of web vulnerabilities and other security issues exploited by malicious hackers in modern HTML5 web applications.
“The web industry is evolving and applications are getting more complex. Automated security tools should stay on top of the game and support these new technologies well to help organizations secure their web applications,” Ferruh Mavituna, CEO of Netsparker, said. “By introducing new functionality developers are also exposing new security issues that malicious hackers can exploit to hack into web applications and infiltrate corporate networks. Hence why Netsparker version 3.1 introduced complete support for HTML5 and new security checks for HTML5 specific features,” continued Mavituna.
Netsparker Web Application Security Scanner 3.1 New Feature Highlights
Identify More Vulnerabilities in HTML5 Web Applications
The new Netsparker HTML5 engine will automatically crawl and identify potential attack surfaces on HTML5 web applications to find more web application vulnerabilities by understanding HTML5 specific features.
More Advanced Attacks on Dynamic Web 2.0 Applications
Netsparker can parse and attack JSON and XML payloads in HTTP requests, typically used in modern Web 2.0 applications. In other words, this new version of Netsparker will uncover a new trend of potential vulnerabilities in Web 2.0 applications that could leave you and your business exposed.
Configure Less, Scan More
Gone are the days when you had to reconfigure the scanner each time you had to scan a website with different requirements. In the new version of Netsparker the scan settings have now been merged into the Scan Profiles so you can save specific scan settings per website for later use.
Get to Know your Web Applications Better
Netsparker does not scan ActiveX, Java Applets, and Flash. It only reports the existence of such components under the Knowledge Base to provide more information about the target web application.
Improved Logging for Better Troubleshooting
Now it is even easier to perform a complete penetration test and analyse the scan results. With the new Netsparker 3.1 you can log all HTTP requests and responses sent and received during a security scan. The HTTP logs can be exported in a format compatible with Fiddler, so you can use Fiddler to analyse your web applications’ behaviour to help you identify logical vulnerabilities.
Automatically Detect CSRF Vulnerabilities
Netsparker 3.1 raised the bar in web application security by allowing developers and penetration testers to identify Cross-site Request Forgery vulnerabilities automatically.
Other Netsparker 3.1 Features and Improvements
- Improved most of the security checks for a better detection rate
- Vulnerability database can now be updated without the need to update the software
- Attack possibility calculations have been improved for more accurate scan results
- Added new security checks for well-known web applications such as WordPress and Joomla
- Added new security checks for web server software such as Apache and Nginx
- Added new security checks for web development frameworks such as PHP
For more details about what is new and improved in Netsparker 3.1 read Netsparker Version 3.1 New Features and Improvements.
Download Netsparker Web Application Security Scanner
Are your web applications secure or are they vulnerable to hacker attacks? Download a 15-day trial of Netsparker, the only False Positive Free Web Application Security Scanner, to find out.
Pricing and Availability
Netsparker 3.1 starts at $1,950 and is licensed per seat per year. It is available through Netsparker and through all Netsparker resellers.
More information about Netsparker is available at https://www.invicti.com
Press contact: firstname.lastname@example.org
Netsparker is a young and enthusiastic UK-based company. Netsparker is focused on developing a single web security product, the false positive free Netsparker Web Application Security Scanner. Founded in 2009, Netsparker is one of the leading web application security scanners and is used by world-renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.