Netsparker Desktop Updated with DROWN SSL/TLS Security Check and More

Fri, 11 Mar 2016 - by Robert Abela

This post gives an overview of what is new and improved in the latest Netsparker Desktop updates. The new updates also include new security checks for the new DROWN SSL/TLS vulnerability and several new security checks for the HSTS mechanism.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

This month we have already released two updates for Netsparker Desktop web application security scanner. Below is an overview of what is new and improved.

New DROWN SSL Security Check

Netsparker Desktop will automatically check if the target is vulnerable to the DROWN vulnerability. We released the update just two days after the vulnerability was made public, in version 4.5.7.10205. DROWN is another SSL/TLS vulnerability with which attackers can force people to use insecure algorithms, thus allowing them to read the communication between the user and the server. You can read more about the DROWN vulnerability from the vulnerability website.

New HSTS Security Checks

In version 4.5.8 of Netsparker Desktop we also included a number of new security checks for the HTTP Strict Transport Security (HSTS) mechanism.

Other Improvements in Netsparker Desktop

In this March update of Netsparker Desktop web application security scanner we have also:

Improved the JavaScript/DOM simulation, which also means better DOM XSS security checks,
Improved the heuristic URL Rewrite technology so it can detect even more URL Rewrite patterns and improve the efficiency of the crawler,
Optimized several existing security checks,
And much more.

For more detailed information on what is new, improved and also fixed in version 4.5.8.10229 of Netsparker Desktop please refer to the Netsparker Desktop changelog.

Netsparker Enterprise Updated with New Security Checks and Several Other Service Improvements

The new update of Netsparker Enterprise include several new web security checks, an improved heauristic and automated URL Rewrite technology, improved DOM XSS security checks and several service improvements.

The New Netsparker Web Security Scanners: Automated Configuration of URL Rewrite Rules, Scan Policy Optimizer and Proof of Exploitation

We are happy to announce a new version of Netsparker Desktop and a new Netsparker Enterprise update. These updates include several new features and product updates and mostly focus on automating more of the pre-scan tasks, allowing you to easily get started with scanning hundreds and thousands of websites.

Netsparker 4.1 Release - New Security Checks and Improvements

In this new version of Netsparker Desktop there are two new security checks for web forms and base tag hijacking, and we also have a good number of improvements and bug fixes. Read this blog post for more information of what is new and improved in the only false positive free web application security scanner.

Shellshock Bash Remote Code Execution Vulnerability Explained and How to Detect It

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.