This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
We're delighted to announce a Netsparker Standard release. The highlights of this release are the New Scan Policies for PCI and OWASP Top Ten Vulnerabilities. Other new features include:
- Netsparker Assistant, a smart scan assistant
- Scan performance upgrades
- New OAuth2 Authentication feature
- Added integration options for Azure DevOps, Redmine and Bugzilla
- New Best Practice severity level
- New RESTful API features
Scan Policies for PCI and OWASP TOP 10 Vulnerabilities
Netsparker Standard users can now conduct PCI Scans to receive approved PCI compliance reports for their public websites. Users can also discover which vulnerabilities need to be fixed before they can pass PCI compliance. The Payment Card Industry Security Standards Council sets requirements for security compliance that are the benchmark for the entire industry.
OWASP is the Open Web Application Security Project. They publish a top ten list of critical web application security risks to encourage security and best practice in the web community. Netsparker Standard has now incorporated this list into its scan policy.
Both PCI and OWASP Top Ten features previously existed in Netsparker Standard as report templates only. Now, they are specific security check policies that can be selected from the initial Scan Policy selection.
For further information, see the PCI Scanning Announcement and Using Netsparker To Comply With The OWASP Application Security Verification Standard When Developing Web Applications.
Netsparker Assistant
Netsparker Assistant is a smart scan assistant that guides you through the scanning process. Its main role is to detect scan configuration problems. These are reported in the Netsparker Assistant notification panel, which provides you with detailed information and buttons to help you navigate through the scan settings or fix the issues.
In addition, it incorporates a new feature, a real-time implementation of the Scan Policy Optimizer, to iteratively create an optimized version of the current Scan Policy as it detects technologies used on the target website. By default, the Scan Policy Optimizer notifies you when Netsparker Assistant creates an optimized policy, at which point you can switch to it. You can configure Netsparker Assistant in the Options dialog.
Scan Performance Upgrades
Netsparker 5.3 contains new scan performance upgrades that allocate computer resources better. Instead of users setting the number of concurrent activities, Netsparker now adjusts it dynamically throughout the scan, based on a new setting, Requests Per Second. This will increase scan speed by up to a massive 55%, allowing more activities to run simultaneously without pauses or blockages.
For further information, see Netsparker 5.3 Scan Performance Upgrades.
New OAuth2 Authentication Feature
Netsparker 5.3 now supports the OAuth2 authorization framework. This new feature in Netsparker Standard will enable you to configure scans for websites that require OAuth2 authentication and automate the login process.
For further information, see New OAuth2 Authentication Feature.
Added Integration Options
Netsparker already has built-in integration features with several CI/CD tools to help you automate more of your tasks. In this update, we have added further Send To implementations, which allow users to send the vulnerability details to:
- Azure DevOps
- Redmine
- Bugzilla
New Best Practice Severity Level
Netsparker Standard has a new Best Practice Severity Level. This is for detected issues that are recommended practices but are not vulnerabilities and are less serious than Information Alerts. For example, it will inform users of Netsparker Standard if a Content Security Policy (CSP) or Referrer-Policy header is not implemented.
For further information, see Vulnerability Severity Levels.
New RESTful API Features
Netsparker Standard has added two new RESTful API features:
- Added RESTful API modeling language (RAML) link import support
- Added support for importing links from WordPress REST API files
For further information, see Finding Vulnerabilities in RESTful Web Services Automatically with a Web Security Scanner.
For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard changelog.