More Efficient and Precise Web Security Scans with New Netsparker 3.5.5

Wed, 13 Aug 2014 - by Ferruh Mavituna

The new Netsparker version 3.5.5 has an improved URL rewrite rules wizard, which allows users to fine-tune the scanning of websites that use URL rewrite rules for more efficient and precise web security scans.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

A new update of Netsparker Web Application Security Scanner is available for download. This is a minor version update which includes a number of improvements and bug fixes that will improve the efficiency of web security scans.

More Efficient and Precise Scanning of Websites Using URL Rewrite

When using the wizard to configure URL rewrite rules, you can now specify the type of each parameter, as highlighted in the screenshot below.

Screenshot: configuring URL rewrite rules in Netsparker using the wizard, to scan websites that use URL rewrite rules.

Once you specify a parameter type, Netsparker automatically fine-tunes the regular expression so that no extra HTTP requests are sent during a web vulnerability scan. The end result? More efficient and precise web security scans that consume less bandwidth.

Improved DOM Cross-site Scripting Scanner and DOM Parser

In the previous version of Netsparker we launched the all-new DOM parser and DOM XSS scanner, enabling Netsparker to detect DOM-based cross-site scripting vulnerabilities, which are relatively common in modern HTML5 web applications.

We have already learnt a lot, and for this version we optimized both the DOM parser and the DOM XSS scanner so that they work more efficiently and detect more variants of DOM-based vulnerabilities.

Since both the DOM parser and the scanner are more efficient, scanning for DOM-based cross-site scripting vulnerabilities is now included by default in the built-in scan policies.

Netsparker Version 3.5.5 Change Log

Apart from the major updates above, Netsparker 3.5.5 includes several other improvements and a number of bug fixes. For more detailed information, refer to the Netsparker 3.5.5 change log.

Upgrading Netsparker Web Application Security Scanner

If you are already using Netsparker Web Application Security Scanner, a window with the upgrade details will pop up the next time you run Netsparker. Alternatively, you can always click Check for Updates from the Help drop-down menu to force manual updates.

If you have problems with the upgrade or product-related queries, get in touch with our awesome support team by sending us an email at support@netsparker.com.


About the Author

Ferruh Mavituna

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.