More Efficient and Precise Web Security Scans with New Netsparker 3.5.5

Wed, 13 Aug 2014 - by Ferruh Mavituna

The new Netsparker version 3.5.5 has an improved URL rewrite rules wizards which allow users to fine tune the scanning of websites using URL rewrite rules for more efficient and precise web security scans.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

A new update of Netsparker Web Application Security Scanner is available for download. This is a minor version update which includes a number of improvements and bug fixes that will improve the efficiency of web security scans.

More Efficient and Precise Scanning of Websites Using URL Rewrite

When using the wizard to configure URL rewrite rules now you can specify the type of the parameter as highlighted in the below screenshot.

Configuring URL Rewrite Rules in Netsparker using the wizard to scan websites using URL Rewrite Rules

Once you specify a parameter type Netsparker will automatically fine tune the regular expression so no extra HTTP requests are sent during a web vulnerability scan. The end result? More efficient and precise web security scans that consume less bandwidth.

Improved DOM Cross-site Scripting Scanner and DOM Parser

In the previous version of Netsparker we launched the all new DOM parser and DOM XSS scanner, enabling Netsparker to detect DOM based cross-site scripting vulnerabilities, which are relatively common in modern HTML5 web applications.

We have already learnt a lot and for this version we optimized both the DOM parser and the DOM XSS scanner to ensure they work more efficiently and detect more variants of the DOM based vulnerabilities.

Since both the DOM parser and scanner are now more efficient, scanning of DOM based cross-site scripting vulnerabilities is now included by default in the built-in scan policies.

Netsparker Version 3.5.5 Change Log

Apart from the above major updates, Netsparker 3.5.5 includes several other improvements and a number of bug fixes. For more detailed information refer to the Netsparker 3.5.5 change log.

Upgrading Netsparker Web Application Security Scanner

If you are already using Netsparker Web Application Security Scanner, a pop up window with the upgrade details will pop up the next time you run Netsparker. Alternatively you can always click Check for Updates from the Help drop down menu to force manual updates.

If you have problems with the upgrade or product related queries, get in touch with our awesome support team by sending us an email on support@netsparker.com.

About the Author

Ferruh Mavituna

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.

Netsparker 4.1 Release - New Security Checks and Improvements

In this new version of Netsparker Desktop there are two new security checks for web forms and base tag hijacking, and we also have a good number of improvements and bug fixes. Read this blog post for more information of what is new and improved in the only false positive free web application security scanner.

Netsparker 4 - Easier to Use, More Automation and Much More Web Security Checks

We are happy to announce the new Netsparker Desktop 4. The new version can automatically scan applications built with Google Web Toolkit, has an all new fully automated form authentication mechanism and is fully loaded with new web security and vulnerability checks.

Shellshock Bash Remote Code Execution Vulnerability Explained and How to Detect It

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.

Netsparker Web Application Security Scanner 3.5 Features Highlight

Finally Netsparker Web Application Security Scanner version 3.5 is available for download. Check out what is new in this new version of Netsparker and update your Netsparker today to benefit from the latest features and ensure you scan your web applications with the latest web vulnerability security tests.