Netsparker Enterprise Updated with New Security Checks and Several Other Service Improvements

The new update of Netsparker Enterprise include several new web security checks, an improved heauristic and automated URL Rewrite technology, improved DOM XSS security checks and several service improvements.

Last week we applied a new major update to Netsparker Enterprise, our online web application security scanning service. Below is an overview of what is new, improved and fixed in update 20160311.

New Start a New Scan Interface

Launching a new web application security scan with Netsparker Enterprise

The new Start a New Scan interface is more intuitive. You can configure every aspect of the web application security scan and the Scan Profile without having to scroll down through a long list of settings.

Scan Profiles Improvements

When you save the settings of web security scan as a Scan Profile in Netsparker Enterprise, now you can tick the Shared checkbox so the Scan Profile is shared with all the Netsparker Enterprise team members.

Tick the Shared checkbox to share the Scan Profile with other Netsparker Enterprise team members

You can also configure a Primary Scan Profile for a website. Therefore each time you want to configure a new scan for that website, the Primary Scan Profile will be selected by default.

New & Improved Web Security Checks

In this update we also included a number of new security checks for the HTTP Strick Transport Security (HSTS) mechanism and improved the JavaScript and DOM parser, which also mean more advanced DOM XSS vulnerability security checks.

We also updated our existing SSL / TLS security check to issue an alert should their SSL / TLS implementation be vulnerable to the new DROWN SSL/TLS vulnerability, that essentially allows the attackers to break the encryption and read the communication. Refer to the DROWN vulnerability website for more details on the vulnerability.

Other Netsparker Enterprise Improvements & Bug Fixes

We applied several other improvements in this update 20160311 of Netsparker Enterprise. For example we improved the heuristic URL Rewrite technology to automatically identify more patterns and added several new JavaScript settings in Scan Policies. For a more detailed list of what is new, improved and fixed please refer to the Netsparker Enterprise changelog.

 

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.