Netsparker Web Application Security Scanner Fully Supports HTML5

Press Release | Netsparker Ltd announces the latest version of their web vulnerability scanner that allows organizations to automatically scan HTML5 web applications and launch more advanced attacks against modern dynamic web 2.0 applications. For more details about all of the new features in Netsparker Web Application Security Scanner version 3.1 read this press release

As developers build more sophisticated HTML5 web applications, they are also exposing new security issues yet undetected by most of the automated tools available in the market. Netsparker 3.1 addresses such issue by understanding the new features of HTML5 during crawling and also by supporting emerging development trends such as using JSON/XML payloads in HTTP requests.

These new capabilities allows Netsparker to automatically crawl, attack and find vulnerabilities in modern web applications.

20th November 2013, London – Netsparker today announced Netsparker 3.1, the leading false positive free web application security scanner that emulates real world malicious hacker attacks during web application vulnerability detection tests enabling businesses to develop and maintain secure websites and web applications.

The new and much improved version of the false positive free web application security scanner Netsparker allows developers, penetration testers and everyone involved in the development and securing of web applications  to automatically identify the latest trend of web vulnerabilities and other security issues exploited by malicious hackers in modern HTML5 web applications.

“The web industry is evolving and applications are getting more complex. Automated security tools should stay on top of the game and support these new technologies well to help organizations secure their web applications.” Ferruh Mavituna, CEO of Netsparker said. “By introducing new functionality developers are also exposing new security issues that malicious hackers can exploit to hack into web applications and infiltrate corporate networks. Hence why Netsparker version 3.1 introduced complete support for HTML5 and new security checks for HTML5 specific features.” continued Mavituna.

Netsparker Web Application Security Scanner 3.1 New Feature Highlights

Identify More Vulnerabilities in HTML5 Web Applications

The new Netsparker HTML5 engine will automatically crawl and identify potential attack surfaces on HTML5 web applications to find more web application vulnerabilities by understanding HTML5 specific features.

More Advanced Attacks on Dynamic Web 2.0 Applications

Netsparker can parse and attack JSON and XML payloads in HTTP requests, typically used in modern Web 2.0 applications. In other words, this new version of Netsparker will uncover a new trend of potential vulnerabilities in web 2.0 applications that could leave you and your business exposed.

Configure Less, Scan More

Gone are the days when you had to reconfigure the scanner each time you had to scan a website with different requirements. In the new version of Netsparker the scan settings have now been merged into the Scan Profiles so you can save specific scan settings per website for later use.

Get to Know your Web Applications Better

The more you know about your web applications the better you can secure them. The new version of Netsparker will compile much more information and report it in the new Knowledge Based nodes such as frames with external URL’s, Adobe Flash movies, Java Applets, ActiveX objects, comments in HTML, JavaScript and CSS and much more.

Netsparker does not scan ActiveX, Java Applets, and Flash. It only reports the existence of such components under the Knowledge Base to provide more information about the target web application.

Improved Logging for Better Troubleshooting

Now it is even easier to make a complete penetration test and analyse the scan results. With the new Netsparker 3.1 you can log all HTTP requests and responses sent and received during a security scan. The HTTP logs can be exported in a format compatible with Fiddler, hence you can use Fiddler to analyze your web applications’ behaviour to help you identify logical vulnerabilities.

Automatically Detect CSRF Vulnerabilities

Netsparker 3.1 raised the bar in web application security by allowing developers and penetration testers to identify Cross-site Request Forgery vulnerabilities automatically.

Other Netsparker 3.1 Features and Improvements

  • Improved most of the security checks for a better detection rate
  • Vulnerability database can now be updated without the need to update the software
  • Attack possibility calculations has been improved for more accurate scan results
  • Added new security checks for well known web applications such as WordPress and Joomla.
  • Added new security checks for web server software such as Apache and NGinX
  • Added new security checks for web development frameworks such as PHP

For more details about what is new and improved in Netsparker 3.1 read Netsparker Version 3.1 New Features and Improvements.

Download Netsparker Web Application Security Scanner

Are your web applications secure or are they vulnerable to hacker attacks? Download a 15 day trial of Netsparker, the only False Positive Free Web Application Security Scanner to find out.

Pricing and Availability

Netsparker 3.1 starts at $1,950 and is licensed per seat per year. It is available through Netsparker and through all Netsparker resellers.

More information about Netsparker and Netsparker is available at

Press contact:

About Netsparker

Netsparker is a young and enthusiastic UK based company. Netsparker is focused on developing a single web security product, the false positive free Netsparker Web Application Security Scanner. Founded in 2009, Netsparker is one of the leading web application security scanners and is used by world renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.