2016 was a great year for Netsparker! We were the first (and only) web application security scanner vendor to introduce a number of cutting-edge technologies that make it possible to scale up web scanning and easily scan 100s and 1000s of websites, without having to spend hours configuring complex tools and days verifying that the vulnerabilities the scanner has detected are not false positives.
In 2016 we have also introduced the monthly updates for our web application security scanner. We have also been featured in a number of interviews on some popular podcasts and more, as highlighted in this overview post.
Automating and Scaling Up Web Vulnerability Scanning
The first Netsparker update we released in 2016 focused on automation and scalability. We developed features in the scanner to help users automate much more of both the pre-scan (configuration) and post-scan (verifying the results). The February 2016 update of Netsparker scanner had:
Automatic recognition and configuration of URL rewrite rules: you do not need to know the URL rewrite configuration on the target and configure the scanner to crawl and scan all the parameters on the target website.
Proof-Based Scanning Technology: a technology that automatically generates a proof of exploit of the identified vulnerabilities, so you do not have to manually verify them. Here is a short two minute video on how this technology works, which we have also done in 2016.
In the February 2016 update of Netsparker web application security scanner we also released the:
- fully responsive Netsparker Cloud web interface,
- the Scan Policy Optimizer,
- integration with bug tracking systems such as Github and Team Foundation Server,
- and much more, as you can read in these release notes.
Monthly Web Security Scanner Updates
Since April 2016 we started releasing a monthly update of both the Netsparker web scanner editions. The advantage of monthly releases is that you do not have to wait four, five or more months to start using a new feature. If a feature is developed, it means it is needed and it will help you automate more, so we will release it once it is ready. Below are some of the highlights from the 2016 product updates:
- Updated the scanning engine to automatically find vulnerabilities in Parameter-based navigation web applications,
- Improved the scanning engine to better crawl and scan single page web applications (SPA)
- Ability to export the web security scan results as ModSecurity WAF rules,
- Updated the scanner to automatically scan REST APIs / RESTful web services,
- Introduced the Report Policies in Netsparker Cloud,
- Added the HTTP Request Builder tool in Netpsarker Desktop, so you can create your own HTTP requests,
- Rebuilt the Netsparker Cloud Web Vulnerability Tracking System,
- Added SMS and Email Notifications in Netsparker Cloud, so you can be instantly alerted when critical vulnerabilities are identified on your web applications,
Apart from all the new features and scanner improvements, every month we are introducing new web vulnerability checks and improving the existing ones. We are also frequently adding new security checks such as checks for Subresource Integrity and Content Security Policy, to help you build more secure web applications.
Free Netsparker Cloud Scans, Interviews and More from Netsparker
In 2016 we have also announced free Netsparker Cloud web vulnerability scans avaialble for open source projects. Several open source projects are already benefitting from this campaign, including OpenCart, who are featured in this web security case study.
Our CEO Ferruh Mavituna has also been interviewed several times during 2016. Starting with an interview in which he explains what is Netsparker at RSA in San Francisco, and then four more interviews on the popular security show Paul’s Security Weekly. You can watch all the interviews from the below links:
- Security Weekly episode 457
- Security Weekly episode 463
- Security Weekly episode 483
- Security Weekly episode 492
We also hosted a webcast with our friends from Denim group on how to optimize your application security program with Netsparker and ThreadFix.
What’s in Store for Netsparker Web Security Scanner in 2017?
In 2016 we have pushed the boundaries of what we can automate in web application security. For 2017 the mantra will be the same. Continue improving the cloud-based and desktop editions of our web application security scanner both in terms of features, ease of use, automation and also scanning capabilities.
This is a Security Bloggers Network syndicated blog post authored by Robert Abela. Read the original post at: Netsparker, Web Application Security Scanner