March 2019 Update for Netsparker Standard - Security Boulevard


We’re delighted to announce a Netsparker Standard release. The highlights of this release are the New Scan Policies for PCI and OWASP Top Ten Vulnerabilities. Other new features include:

  • Smart Netsparker Assistant scanning guide
  • Added Integration options for Azure DevOps, Redmine and Bugzilla
  • New Best Practice Severity Level
  • New RESTful API features

Scan Policies for PCI and OWASP Top Ten Vulnerabilities

Netsparker Standard users can now conduct PCI Scans to receive approved PCI compliance reports for their public websites. Users can also discover which vulnerabilities need to be fixed before they can pass PCI compliance. The Payment Card Industry Security Standards Council sets requirements for security compliance that are the benchmark for the entire industry.

OWASP is the Open Web Application Security Project. They publish a top ten list of critical web application security risks to encourage security and best practice in the web community. Netsparker Standard has now incorporated this list into its scan policy.

Both PCI and OWASP Top Ten features previously existed in Netsparker Standard as report templates only. Now, they are specific security check policies that can be selected from the initial Scan Policy selection.

For further information, see the PCI Scanning Announcement and Using Netsparker To Comply With The OWASP Application Security Verification Standard When Developing Web Applications.

Other Highlights

These are the other important new features from the latest update.

  • Smart Netsparker Assistant: an assistant that can detect scan configuration problems
  • New Send To options (integrations) with Azure DevOps, Redmine & Bugzilla
  • New Best Practices severity level for non-direct impact vulnerabilities
  • New RESTful API features

Smart Netsparker Assistant

Netsparker Assistant is a smart scan assistant that will guide you through the scanning process. It has action buttons to help you easily navigate through scan settings. Netsparker Assistant’s main role is to detect scan configuration problems and provide you with the information to fix these issues through the Netsparker Assistant notification panel. It will also use a real-time Scan Policy optimizer to help you create an optimized version of your current Scan Policy.

Added Integration Options

Netsparker already has built-in integration features with several CI/CD tools to help you automate more of your tasks. In this update, we have added further Send To implementations, which allow users to send vulnerability details to:

  • Azure DevOps
  • Redmine
  • Bugzilla

New Severity Level

Netsparker Standard has a new Best Practice Severity Level. It is for detected issues that concern recommended practices but are not vulnerabilities, and that are less serious than Information Alerts. For example, it informs Netsparker Standard users when a Content Security Policy (CSP) or Referrer-Policy is not implemented.

For further information, see Vulnerability Severity Levels.

New RESTful API Features

Netsparker Standard has added two new RESTful API features:

  • Added RESTful API modeling language (RAML) link import support
  • Added support for importing links from WordPress REST API files

For further information, see Finding Vulnerabilities in RESTful Web Services Automatically with a Web Security Scanner.

Further Information

For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Standard changelog.

*** This is a Security Bloggers Network syndicated blog from Netsparker, Web Application Security Scanner authored by Netsparker Security Team. Read the original post at: