2016 was a great year for Netsparker! We were the first (and only) web application security scanner vendor to introduce a number of cutting-edge technologies that make it possible to scale up web scanning and easily scan 100s and 1000s of websites, without having to spend hours configuring complex tools and days verifying that the vulnerabilities the scanner has detected are not false positives.
In 2016 we have also introduced the monthly updates for our web application security scanner. We have also been featured in a number of interviews on some popular podcasts and more, as highlighted in this overview post.
Automating and Scaling Up Web Vulnerability Scanning
The first Netsparker update we released in 2016 focused on automation and scalability. We developed features in the scanner to help users automate much more of both the pre-scan (configuration) and post-scan (verifying the results). The February 2016 update of Netsparker scanner had: Automatic recognition and configuration of URL rewrite rules: you do not need to know the URL rewrite configuration on the target and configure the scanner to crawl and scan all the parameters on the target website. Proof-Based ScanningTM Technology: a technology that automatically generates a proof of exploit of the identified vulnerabilities, so you do not have to manually verify them. Here is a short two minute video on how this technology works, which we have also done in 2016. In the February 2016 update of Netsparker web application security scanner we also released the:- fully responsive Netsparker Enterprise web interface,
- the Scan Policy Optimizer,
- integration with bug tracking systems such as Github and Team Foundation Server,
- and much more, as you can read in these release notes.
Monthly Web Security Scanner Updates
Since April 2016 we started releasing a monthly update of both the Netsparker web scanner editions. The advantage of monthly releases is that you do not have to wait four, five or more months to start using a new feature. If a feature is developed, it means it is needed and it will help you automate more, so we will release it once it is ready. Below are some of the highlights from the 2016 product updates:- Updated the scanning engine to automatically find vulnerabilities in Parameter-based navigation web applications,
- Improved the scanning engine to better crawl and scan single page web applications (SPA)
- Ability to export the web security scan results as ModSecurity WAF rules,
- Updated the scanner to automatically scan REST APIs / RESTful web services,
- Introduced the Report Policies in Netsparker Enterprise,
- Added the HTTP Request Builder tool in Netpsarker Desktop, so you can create your own HTTP requests,
- Rebuilt the Netsparker Enterprise Web Vulnerability Tracking System,
- Added SMS and Email Notifications in Netsparker Enterprise, so you can be instantly alerted when critical vulnerabilities are identified on your web applications,
Free Netsparker Enterprise Scans, Interviews and More from Netsparker
In 2016 we have also announced free Netsparker Enterprise web vulnerability scans available for open source projects. Several open source projects already benefit from this campaign, including OpenCart, who are featured in this web security case study. Our CEO Ferruh Mavituna has also been interviewed several times during 2016. Starting with an interview in which he explains what is Netsparker at RSA in San Francisco, and then four more interviews on the popular security show Paul’s Security Weekly. You can watch all the interviews from the below links:- Security Weekly episode 457
- Security Weekly episode 463
- Security Weekly episode 483
- Security Weekly episode 492