We're delighted to announce a Netsparker Enterprise update. The highlights in this update include a new Technologies feature, new issue tracking and other software integrations, new security checks, and new API Endpoints. Other updated features in December 2019 for Netsparker Enterprise include a new Scan Profiles page, new scan notifications for Slack, and a new Comments box. This announcement highlights what is new in this latest Netsparker Enterprise update. Many of these new features have originated from customer requests, while others provide further support and options for already existing features.
New Technologies FeatureThe new Technologies feature in Netsparker Enterprise finds and lists the technologies used in scanned web applications. It reports on details and potential security risks, such as whether the technologies are in use, not in use or out-of-date. A notification is sent to the relevant person. It also detects whether any problematic technologies have been fixed by the software vendor. A new Technologies Dashboard has also been added, to display detected technologies in aggregate. For further information, see Technologies.
New IntegrationsNetsparker Enterprise already has many out-of-the-box integrations. With this latest update, several new integrations are available.
Issue Tracking Systems
Continuous Integration Systems
Team Messaging Systems
- Microsoft Teams
- Users now have the ability to create custom fields for the ServiceNow integration
- There is improved Jira integration to support raw values for complex custom field types
New Security ChecksWe have added a new security check BREACH Attack Detection.
BREACH AttackEven if you use an SSL/TLS to protect your network connections, attackers can still view your encrypted traffic and force you to inadvertently send HTTP requests to a vulnerable web server. They then have access to your connection and uncover sensitive information. A BREACH attack, enabling an attacker to 'eavesdrop' on the connection, is possible when web applications meet the following conditions. This security check searches on these criteria:
- SSL/TLS-secured connection
- HTTP level compression (using gzip or Deflate)
- Reflected user-controlled input in the page
- Sensitive data that is attractive to attackers