Netsparker Web Application Security Scanner v3.5.5 Released
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.
It can identify web application vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It also has exploitation built in: for example, you can get a reverse shell from an identified SQL Injection or extract data by running custom SQL queries.
New Features of this minor version update:
- More Efficient and Precise Scanning of Websites Using URL Rewrite
- Improved DOM Cross-site Scripting Scanner and DOM Parser
Changelog v3.5.5
New Features
- New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric
Improvements
- Improved the performance of the DOM Parser
- Improved the performance of the DOM cross-site scripting scanner
- Optimized the DOM XSS Scanner to avoid scanning pages with the same source code
- Changed the default HTTP User-Agent string of built-in policies to the Chrome web browser User-Agent string
- Improved selected element simulation for select HTML elements
- Added new patterns for Open Redirect engine
Fixes
- Fixed a bug in the WSDL parser which prevents web service detection if XML comments are present before the definitions tag
- Fixed a bug in the WSDL parser which prevents web service detection if an external schema request gets a 404 Not Found response
- Fixed a bug that occurs when custom URL rewrite rules do not match the URL with the injected attack pattern and the request is not performed
- Fixed a problem in the configure form authentication wizard where the web browser does not load the page if the target site uses client certificates
- Fixed a crash in the configure form authentication wizard that occurs when an object element with a data: URL scheme, contained in the HTML source code, is requested
- Fixed a bug in DOM Parser where events are not simulated for elements inside frames
- Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response