September 2017 Update of Netsparker Cloud

We are very happy to announce the September 2017 update of Netsparker Cloud. In this update, we included new features, a good number of improvements, new security checks and numerous bug fixes. Here is an overview of what is new and improved in this September 2017 update of Netsparker Cloud.

New Features

Configurable List of Parameter Names for Improved Handling of Anti-CSRF Tokens

We love automation! Netsparker can scan a website that uses Anti-CSRF tokens without you having to disable them. Now you can also add a list of parameter names that use Anti-CSRF tokens, so the scanner can scan them successfully without being hindered by the Anti-CSRF tokens.

Attacking Optimization Options for Recurring Parameters on Different Pages

When this option is enabled, Netsparker will identify the same parameters that are used on multiple pages, so that it does not scan them multiple times. Some examples of such parameters are search widgets, newsletter subscription and similar forms. This setting can be enabled from the Attacking section of a Scan Policy.

Support for Multiple Configured Credentials

In Netsparker Cloud it is now possible to configure multiple Basic, NTLM and Digest authentication credentials for the same target. So if your website has multiple password-protected areas, and each of them requires different credentials or uses a different authentication mechanism, you can configure them in Netsparker Cloud and scan all password-protected areas in a single scan. For more information on how to configure multiple sets of credentials, refer to the section Configuring multiple sets of credentials and URLs in the document Configuring Basic, NTLM & Digest Authentication in Netsparker.

Other Notable Features

In this September 2017 update of Netsparker Cloud we have also added the following:

  • Ability to configure custom HTTP headers for a scan
  • The new Site Profile node in the Knowledge Base

New Security Checks & Product Improvements

In this update, we included numerous new security checks, as well as improvements to the product and to existing security checks. Since the list is too long (yes, we really worked hard over the summer), we cannot include it in this blog post. Please refer to the Netsparker Cloud changelog for a detailed list of what is new, improved and fixed in this update of Netsparker Cloud.

This is a Security Bloggers Network syndicated blog post authored by Robert Abela. Read the original post at: Netsparker, Web Application Security Scanner