Last year we released a Netsparker update on an almost monthly basis. This year we’ve been a little quieter, but we have not been sitting still. We have been working on a major update that we’re delighted to be able to announce today – the new Netsparker Team and Enterprise plans!
This May 2018 update is not just about the new plans – that’s just the highlight. Read this post for an overview of all that is new, improved and fixed in this major update of the Netsparker Web Application Security Scanner.
The All New Netsparker Standard, Team & Enterprise Plans
There will no longer be a distinction between Netsparker Desktop and Netsparker Cloud in licensing or pricing. We have integrated the two editions in our new plans. Now, when you purchase the Netsparker Team or Enterprise plan, you will have access to both the on-premises Windows software (Netsparker Desktop) and the hosted or on-premises edition of Netsparker Cloud.
To complement these plans, we have added new functionality in both editions that enables you to connect them, and then easily share scanning and vulnerability data between them. We have explained the advantages of these new plans over individual licenses, and the integration functionality in our Integration Announcement.
This same approach is being applied to all of the editions’ scanning capabilities and coverage. Since both Netsparker Cloud and Desktop solutions use the Proof-Based Scanning technology, new scanning engine updates, security checks and coverage updates will be implemented in both editions of the Netsparker web application security scanner.
Support for Single Sign-On
We have always encouraged our users – especially those who integrate Netsparker Cloud in their SDLC, DevOps and other environments – to involve their entire team in the process of identifying, triaging and fixing vulnerabilities.
Now, including the team in all processes is much easier with the introduction of Single Sign-On support. Anyone who needs to access scan and vulnerability data on the Netsparker dashboard can easily do so securely, without the need to log in. For a full explanation, see Netsparker and Single Sign-on support.
Developers use many off-the-shelf web applications, frameworks and third-party components in their custom web applications. And, why not? Why reinvent the wheel when someone else has already done it for you?
New User Interface & Visual Features
This latest Netsparker update has an awesome new UI and visual features.
A New Skin for Netsparker Desktop
Once you launch Netsparker, you’ll immediately notice the new skin of the on-premises scanner: new colours, sharper icons and fonts and better support for high-DPI monitors.
We have also replaced the top drop-down menus with a new ribbon to make the features more accessible to you, a concept you’ll already be familiar with from Microsoft Office.
Multi-display lovers will undoubtedly enjoy this feature. All panels in Netsparker Desktop, such as the sitemap, scan progress and vulnerability details panels, can now be undocked. This enables you to easily customise your own SpaceX-style dashboard, as illustrated.
New Security Checks & Improved Coverage
To ensure that our scanner continues to fulfil its reputation as the scanner that detects most vulnerabilities, we have added a number of new security checks in this update and have improved countless existing security checks. Here are the highlights:
- Server-Side Template Injection security checks (Malicious users can exploit this type of server-side flaw by making unauthorized changes to a website template, possibly adding their own malicious code, so that when the template is parsed by the web application the attacker can read sensitive data; in some cases it can even lead to remote code execution.)
- Expect-CT HTTP header security check (Netsparker checks that the Expect-CT HTTP header is properly implemented. The Expect-CT (Certificate Transparency) HTTP header is used by websites to report and even enforce the Certificate Transparency requirements, which are used to request that a browser check that the website’s certificate is valid, i.e. is listed in the public CT logs. Refer to the Certificate Transparency official website for more information.)
- Improved the Anti-CSRF token support to also support tokens in HTTP headers and HTML meta tags.
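To make the Expect-CT item above concrete, here is an added example (not Netsparker's code and not a description of its actual rules) that parses the header and reports common misconfigurations. The function names and sample headers are constructed for illustration; the directive names `max-age`, `enforce` and `report-uri` are those defined for Expect-CT in RFC 9163, and the specific findings are this example's own choices.

```python
import re

# Directives defined for Expect-CT: max-age is required, the others optional.
KNOWN = {"max-age", "enforce", "report-uri"}

def parse_expect_ct(value):
    """Split an Expect-CT header value into {directive: value-or-None}."""
    directives = {}
    # Split on commas, but keep commas that sit inside a quoted string.
    for part in re.findall(r'(?:[^,"]|"[^"]*")+', value):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if arg else None
    return directives

def audit_expect_ct(headers):
    """Return a list of findings for a response's headers (empty list = OK)."""
    value = next((v for k, v in headers.items() if k.lower() == "expect-ct"), None)
    if value is None:
        return ["Expect-CT header is missing"]
    try:
        d = parse_expect_ct(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        findings.append("max-age is missing or not a non-negative integer")
    elif int(max_age) == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    if "enforce" not in d:
        findings.append("report-only: enforce directive is absent")
    elif d["enforce"] is not None:
        findings.append("enforce must not carry a value")
    if "report-uri" in d and not (d["report-uri"] or "").startswith("https://"):
        findings.append("report-uri should be an absolute https URL")
    for name in sorted(d.keys() - KNOWN):
        findings.append(f"unknown directive: {name}")
    return findings

# Constructed sample responses (example.test is a reserved test domain).
GOOD = {"Expect-CT": 'max-age=86400, enforce, report-uri="https://ct.example.test/r?a=1,2"'}
WEAK = {"expect-ct": "max-age=0"}
```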
Other Notable Highlights in this May 2018 Netsparker Update
- Smart Card authentication support (support for PKCS#11 certificates on smart cards on authenticated scans)
- Improved support for Swagger, YAML, React and similar web technologies
- A new OWASP Top 10 2017 compliance report template
- Support for multiple sitemaps in robots.txt
- And many other updates
*** This is a Security Bloggers Network syndicated blog from Netsparker, Web Application Security Scanner authored by Robert Abela. Read the original post at: http://feedproxy.google.com/~r/netsparker/~3/i3b0FucGvwo/