April 2017 Netsparker Enterprise Update

These release notes cover what is new, improved and fixed in the update of Netsparker Enterprise for April 2017.

We have just updated Netsparker Enterprise, our online web application security scanner.

In this update we included a wizard to help first-time users add their first website to Netsparker Enterprise and launch a web application security scan. We also added support for late confirmation of web vulnerabilities: in some scenarios, vulnerabilities such as blind and second-order ones cannot be confirmed by the Netsparker Hawk testing infrastructure while the scan is running. Therefore, if a vulnerability is identified and confirmed after the scan has finished, you will be alerted about it via email.

In this update of Netsparker Enterprise, we also included a good number of crawler coverage, vulnerability detection, performance and UI improvements. Last but not least, we added new security checks for time-based Server-Side Request Forgery and insecure targets in Content Security Policy, added a Markdown injection attack pattern to the XSS engine, and more.

For a complete list of what is new, improved and fixed in this month’s update of our dead accurate web application security scanner, please refer to the changelog.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.