We're delighted to announce a Netsparker Enterprise update. The highlights in this update include a new Technologies feature, new issue tracking and other software integrations, new security checks, and new API Endpoints.Other updated features in December 2019 for Netsparker Enterprise include a new Scan Profiles page, new scan notifications for Slack, and a new Comments box.This announcement highlights what is new in this latest Netsparker Enterprise update. Many of these new features have originated from customer requests, while others provide further support and options for already existing features.

New Technologies Feature

The new Technologies feature in Netsparker Enterprise finds and lists the technologies used in scanned web applications.

It reports on details and potential security risks, such as whether the technologies are in use, not in use or out-of-date. A notification is sent to the relevant person.It also detects whether any problematic technologies have been fixed by the software vendor. A new Technologies Dashboard has also been added, to display detected technologies in aggregate.

For further information, see Technologies.

New Integrations

Netsparker Enterprise already has many out-of-the-box integrations. With this latest update, several new integrations are available.

Issue Tracking Systems

• Asana
• Clubhouse
• PagerDuty
• Trello
• Webhook

Continuous Integration Systems

• CircleCI

Team Messaging Systems

• Microsoft Teams

In addition, two improvements have been made to already existing Netsparker integrations:

• Users now have the ability to create custom fields for the ServiceNow integration
• There is improved Jira integration to support raw values for complex custom field types

For further information, see What Systems Does Netsparker Integrate With?

New Security Checks

We have added a new security check BREACH Attack Detection.

BREACH Attack

Even if you use an SSL/TLS to protect your network connections, attackers can still view your encrypted traffic and force you to inadvertently send HTTP requests to a vulnerable web server. They then have access to your connection and uncover sensitive information.A BREACH attack, enabling an attacker to 'eavesdrop' on the connection, is possible when web applications meet the following conditions. This security check searches on these criteria:

• SSL/TLS-secured connection
• HTTP level compression (using gzip or Deflate)
• Reflected user-controlled input in the page
• Sensitive data that is attractive to attackers

For further information, see BREACH Attack.

New API Endpoints

Netsparker Enterprise includes an API which can be used to integrate Netsparker Enterprise with other applications.The API allows the creation and scanning of websites, retrieval of scan results and generating reports, among other things.This update has added new API endpoints for managing Team Members and listing Activity Logs.

For further information, see TeamMembers and ActivityLogs (AuditLogs).

Other Updates

New Scan Profiles Window

In this update, we added a new Scan Profiles window in the Scans menu. From here, you can save or reconfigure a Scan Profile at any time.

For further information, see Configuring Scan Profiles in Netsparker Enterprise.

New Scan Notification Using Slack

There are many benefits to integrating Netsparker with an issue tracking system. You can configure notifications to automatically report detected vulnerabilities as issues to Slack. This update has added the facility to send notifications on the launch of new scans for which a Slack integration has been configured.

For further information, see Managing Notifications.

Comments Box in the New Scan Window

This update has added a new Comments box in the New Scan window. This allows you to add a comment to your scan prior to launch. This comment is displayed in the scan report and is accessible while launching further scans.

For further information, see Netsparker Enterprise Scan Options Fields.

Further Information

For a complete list of what is new, improved and fixed in this update, refer to the Netsparker Enterprise Changelog.