Netsparker Standard 5.3 – March 2019 Update

Netsparker Standard 5.3 was released in March 2019. The highlights are new Scan Policies for PCI and OWASP Top Ten vulnerabilities. Other new features include Netsparker Assistant, scan performance upgrades, OAuth2 authentication, Send To integration options for Azure DevOps, Redmine and Bugzilla, a Best Practice severity level, and new RESTful API import features.

We're delighted to announce a new Netsparker Standard release. The highlights of this release are the new Scan Policies for PCI and OWASP Top Ten vulnerabilities. The other new features are described below.

Scan Policies for PCI and OWASP Top Ten Vulnerabilities

Netsparker Standard users can now conduct PCI scans to receive approved PCI compliance reports for their public websites, and discover which vulnerabilities need to be fixed before their PCI compliance check will pass. The Payment Card Industry Security Standards Council sets security compliance requirements that are the benchmark for the entire industry.

OWASP is the Open Web Application Security Project. It publishes a Top Ten list of the most critical web application security risks to encourage security and best practice in the web community. Netsparker Standard has now incorporated this list into its scan policies.

Both PCI and OWASP Top Ten features previously existed in Netsparker Standard as report templates only. Now, they are specific security check policies that can be selected from the initial Scan Policy selection.


For further information, see the PCI Scanning Announcement and Using Netsparker To Comply With The OWASP Application Security Verification Standard When Developing Web Applications.

Netsparker Assistant

Netsparker Assistant is a smart scan assistant that guides you through the scanning process. Its main role is to detect scan configuration problems. They are reported in the Netsparker Assistant notification panel, which provides you with detailed information and buttons to help you navigate through scan settings, or fix the issues.


In addition, it incorporates a new feature, a real-time implementation of the Scan Policy Optimizer, to iteratively create an optimized version of the current Scan Policy as it detects technologies used on the target website. By default, the Scan Policy Optimizer notifies you when Netsparker Assistant creates an optimized policy, at which point you can switch to it. You can configure Netsparker Assistant in the Options dialog.

Scan Performance Upgrades

Netsparker 5.3 contains scan performance upgrades that allocate computer resources more effectively. Instead of users setting the number of concurrent activities, Netsparker now adjusts them dynamically throughout the scan, based on a new Requests Per Second setting. This increases scan speed by up to 55%, allowing more activities to run simultaneously without pauses or blockages.


For further information, see Netsparker 5.3 Scan Performance Upgrades.
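The announcement does not describe how Netsparker turns a Requests Per Second setting into a number of concurrent activities, so the following is an added illustration of the general technique rather than Netsparker's own scheduler: using Little's law, a scanner can derive the number of in-flight requests needed to sustain a target rate from the response latency it observes, and re-derive it as latency changes. Class and function names, the default clamp range and the sample latency traces are all assumptions made for this example.

```python
"""Derive a concurrency limit from a requests-per-second target.

Added illustration, not Netsparker's own code. Little's law says that to
sustain R requests/second when each request takes W seconds on average,
about L = R * W requests must be in flight. The controller keeps a sliding
window of observed latencies, re-estimates W from it, and clamps the
result so a slow or hung target cannot drive concurrency to extremes.
"""
import math
from collections import deque


class RpsConcurrencyController:
    """Chooses how many requests to keep in flight for a given RPS target."""

    def __init__(self, target_rps, min_concurrency=1, max_concurrency=64, window=50):
        # Defaults are assumed values for this example, not product settings.
        if target_rps <= 0:
            raise ValueError("target_rps must be positive")
        if not 0 < min_concurrency <= max_concurrency:
            raise ValueError("need 0 < min_concurrency <= max_concurrency")
        self.target_rps = target_rps
        self.min_concurrency = min_concurrency
        self.max_concurrency = max_concurrency
        self._latencies = deque(maxlen=window)  # sliding window, in seconds

    def record(self, latency_seconds):
        """Record one completed request's response time."""
        if latency_seconds < 0:
            raise ValueError("latency cannot be negative")
        self._latencies.append(latency_seconds)

    def average_latency(self):
        """Mean latency over the window, or None before any sample exists."""
        if not self._latencies:
            return None
        return sum(self._latencies) / len(self._latencies)

    def concurrency(self):
        """Number of requests to keep in flight right now."""
        avg = self.average_latency()
        if avg is None:
            return self.min_concurrency  # no samples yet: start cautiously
        wanted = math.ceil(self.target_rps * avg)  # Little's law, rounded up
        return max(self.min_concurrency, min(self.max_concurrency, wanted))


def simulate(target_rps, latency_trace, **kwargs):
    """Feed a constructed latency trace and return the concurrency chosen after each sample."""
    ctl = RpsConcurrencyController(target_rps, **kwargs)
    chosen = []
    for latency in latency_trace:
        ctl.record(latency)
        chosen.append(ctl.concurrency())
    return chosen


if __name__ == "__main__":
    # Constructed trace: a fast target that slows down mid-scan.
    trace = [0.1] * 5 + [0.5] * 5 + [2.0] * 5
    print(simulate(20, trace))
```

The clamp matters as much as the formula: when a target stops responding, the measured latency grows without bound and an unclamped controller would keep opening connections, which is exactly the blockage the rate-based approach is meant to avoid.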

New OAuth2 Authentication Feature

Netsparker 5.3 now supports the OAuth2 authorization framework. This new feature in Netsparker Standard will enable you to configure scans for websites that require OAuth2 authentication and automate the login process.


For further information, see New OAuth2 Authentication Feature.

Added Integration Options

Netsparker already has built-in integration features with several CI/CD tools to help you automate more of your tasks. In this update, we have added further Send To implementations, which allow users to send vulnerability details to:

  • Azure DevOps
  • Redmine
  • Bugzilla

New Best Practice Severity Level

Netsparker Standard has a new Best Practice severity level. It is for detected issues that are recommended practices rather than vulnerabilities, and that are less serious than Information alerts. For example, it will inform users if a Content Security Policy (CSP) or Referrer-Policy header is not implemented.


For further information, see Vulnerability Severity Levels.
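As an added example of the kind of check that lands at this severity (not Netsparker's own implementation), the following parses a raw HTTP response head and reports a Best Practice finding for each of the two headers the announcement names when it is absent or empty. The finding titles, the `Finding` type, the full severity ordering (the announcement only states that Best Practice ranks below Information) and the three sample responses are constructed for this example.

```python
"""Flag missing best-practice response headers (CSP and Referrer-Policy).

Added illustration, not Netsparker's own check. A missing header is not a
vulnerability in itself, so it is reported at the "Best Practice" level,
which sits below "Information" in the severity order assumed here.
"""
from dataclasses import dataclass

# Assumed ordering for this example; only the relative position of
# "Information" and "Best Practice" comes from the announcement.
SEVERITY_ORDER = ("Critical", "High", "Medium", "Low", "Information", "Best Practice")

# Lower-cased header name -> finding title (wording constructed here).
BEST_PRACTICE_HEADERS = {
    "content-security-policy": "Content Security Policy (CSP) not implemented",
    "referrer-policy": "Referrer-Policy not implemented",
}


@dataclass(frozen=True)
class Finding:
    severity: str
    header: str
    title: str


def parse_response_head(raw: str) -> dict:
    """Return a lower-cased header-name -> value dict from a raw HTTP response.

    Only the head (up to the first blank line) is read; the status line is
    skipped and a malformed line is ignored rather than aborting the scan.
    When a header repeats, the last value wins.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # index 0 is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def check_best_practice_headers(headers: dict) -> list:
    """Return one Finding per best-practice header that is absent or empty.

    Content-Security-Policy-Report-Only is deliberately not accepted as a
    substitute for Content-Security-Policy: it reports violations to the
    site owner but does not enforce the policy in the browser.
    """
    findings = []
    for name, title in BEST_PRACTICE_HEADERS.items():
        if not headers.get(name, "").strip():
            findings.append(Finding("Best Practice", name, title))
    return findings


def severity_rank(severity: str) -> int:
    """Lower number means more serious; use as a sort key for a report."""
    return SEVERITY_ORDER.index(severity)


# Constructed sample responses.
SAMPLE_MISSING_BOTH = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html></html>"
)
SAMPLE_REPORT_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy-Report-Only: default-src 'self'\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "\r\n"
)
SAMPLE_COMPLIANT = (
    "HTTP/1.1 200 OK\r\n"
    "content-security-policy: default-src 'self'\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in [("missing both", SAMPLE_MISSING_BOTH),
                       ("report-only", SAMPLE_REPORT_ONLY),
                       ("compliant", SAMPLE_COMPLIANT)]:
        found = check_best_practice_headers(parse_response_head(raw))
        print(label, [f.title for f in found])
```

Header names are matched case-insensitively because HTTP header names are, and the report-only variant of CSP is treated as absent on purpose: a report-only policy is useful for rolling CSP out, but it leaves the page unprotected until the enforcing header is added.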

New RESTful API Features

Netsparker Standard has added two new RESTful API features:

  • Added RESTful API modeling language (RAML) link import support
  • Added support for importing links from WordPress REST API files


For further information, see Finding Vulnerabilities in RESTful Web Services Automatically with a Web Security Scanner.
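To show what a RAML link import has to do, here is an added example (not Netsparker's importer) that walks a RAML 1.0 document's resource tree and produces one scannable link per HTTP method. It handles only the subset of YAML that a RAML resource tree needs (indentation-nested `key:` lines, resource keys starting with `/`, method keys such as `get:`), substitutes the `{version}` placeholder in `baseUri`, and leaves other URI parameters such as `{userId}` as placeholders for the caller to fill. The sample document and the function name are constructed for this example.

```python
"""Extract (METHOD, URL) links from a RAML 1.0 resource tree.

Added illustration, not Netsparker's own importer. Instead of a full YAML
parser it relies on RAML's structure: resources are mapping keys that start
with "/", nested resources are indented under their parent, and methods are
keys such as "get:" directly under a resource. Anything else (descriptions,
responses, bodies, traits) is skipped.
"""

HTTP_METHODS = {"get", "post", "put", "delete", "patch", "head", "options"}


def parse_raml_links(text: str) -> list:
    """Return [(METHOD, absolute_url), ...] in document order.

    The stack holds (indent, full_path) for the resources enclosing the
    current line; an entry is popped when a line is at the same or a
    shallower indentation, which is how nesting is recovered.
    """
    meta = {}
    stack = []
    links = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line, comment or the "#%RAML 1.0" header
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if key.startswith("/"):
            parent = stack[-1][1] if stack else ""
            stack.append((indent, parent + key))
        elif indent == 0:
            meta[key] = value.strip().strip('"\'')  # title, version, baseUri, ...
        elif key.lower() in HTTP_METHODS and stack:
            links.append((key.upper(), stack[-1][1]))
    base = meta.get("baseUri", "").replace("{version}", meta.get("version", "")).rstrip("/")
    return [(method, base + path) for method, path in links]


# Constructed sample RAML document.
SAMPLE_RAML = """\
#%RAML 1.0
title: Constructed sample API
version: v1
baseUri: https://api.example.com/{version}
/users:
  get:
    description: List users
  /{userId}:
    get:
    /orders:
      get:
      post:
        body:
          application/json:
/health:
  get:
"""

if __name__ == "__main__":
    for method, url in parse_raml_links(SAMPLE_RAML):
        print(method, url)
```

The `{userId}` placeholder is kept in the output on purpose: a scanner cannot reach `/users/{userId}/orders` until a concrete value is supplied, and the RAML `uriParameters` section (not parsed here) is where an importer would look for example values.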

Further Information

For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard changelog.