November 2017 Netsparker Desktop Update

Tue, 28 Nov 2017 - by Robert Abela

Announcing the November 2017 update of Netsparker Desktop. It includes new features such as the ability to configure the Web Storage Data of a target website and the automatic parsing of parameters from a web form.

This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.

Today, we are delighted to announce a new update of the Netsparker Desktop web application security scanner. In this update, we have improved some of the security checks and made several performance enhancements. Most importantly, we have added new features that will help you automate more. This announcement highlights what is new and improved in this latest update.

Configuring Web Storage Data (Local/Session) for a Website

In the Scan Policy, you can now configure both Local and Session Web Storage Data for a target website. This is useful when you need to provide a token and its value prior to the scan.

As illustrated in the screenshot, to configure Web Storage data, navigate to the Web Storage menu and specify the Type, Key, Value and Origin.

New Parse From URL Feature for Form Values

In the Netsparker web application security scanner, you can pre-configure the values the scanner uses when traversing web forms. In this update, we added a new feature called Parse From URL, which you can use to automatically extract a list of parameters and their types from a web form, instead of having to dig through the HTML code. It's pretty neat, isn't it?

Support for HTTP Header Authentication

When scanning a website that requires authentication, you can easily configure the Form Authentication if it uses web forms, or specify the credentials in the Scan Wizard if it uses Basic, Digest, NTLM or similar authentication mechanisms.

With this update, if, for some reason, you need to manually add HTTP authentication headers prior to a scan, you can easily do so from the Headers section in the Scan Wizard, as illustrated in the screenshot.

To add a new HTTP Authorization header, click Add Authorization Header, select the type of authentication you are using and specify the Value.

Other Updates and Improvements in the Netsparker Desktop November Update

In this update we also:

  • Changed one of the vulnerability severity names from 'Important' to 'High'
  • Updated several external references in vulnerability reports
  • Improved the default form values' settings
  • Improved scan stability and performance
  • Improved the DOM simulation for a number of specific events
  • And much more!

For a comprehensive list of new features, improvements and fixes in the November update of the Netsparker Desktop web application security scanner, please refer to the changelog.
