December 2019 Update for Netsparker Enterprise
This blog post announces the December 2019 update for Netsparker Enterprise. Highlights include a new Technologies feature, new issue tracking software integrations, new security checks, and new API Endpoint features.
Your Information will be kept private.
Stay up to date on web security trends
Your Information will be kept private.
We're delighted to announce a Netsparker Enterprise update. The highlights in this update include a new Technologies feature, new issue tracking and other software integrations, new security checks, and new API Endpoints.
Other updated features in December 2019 for Netsparker Enterprise include a new Scan Profiles page, new scan notifications for Slack, and a new Comments box.
This announcement highlights what is new in this latest Netsparker Enterprise update. Many of these new features have originated from customer requests, while others provide further support and options for already existing features.
It reports on details and potential security risks, such as whether the technologies are in use, not in use or out-of-date. A notification is sent to the relevant person.
It also detects whether any problematic technologies have been fixed by the software vendor. A new Technologies Dashboard has also been added, to display detected technologies in aggregate.
For further information, see Technologies.
In addition, two improvements have been made to already existing Netsparker integrations:
For further information, see BREACH Attack.
For further information, see TeamMembers and ActivityLogs (AuditLogs).
For further information, see Configuring Scan Profiles in Netsparker Enterprise.
For further information, see Managing Notifications.
For further information, see Netsparker Enterprise Scan Options Fields.
New Technologies Feature
The new Technologies feature in Netsparker Enterprise finds and lists the technologies used in scanned web applications.
It reports on details and potential security risks, such as whether the technologies are in use, not in use or out-of-date. A notification is sent to the relevant person.
It also detects whether any problematic technologies have been fixed by the software vendor. A new Technologies Dashboard has also been added, to display detected technologies in aggregate.
For further information, see Technologies.
New Integrations
Netsparker Enterprise already has many out-of-the-box integrations. With this latest update, several new integrations are available.Issue Tracking Systems
- Asana
- Clubhouse
- PagerDuty
- Trello
- Webhook
Continuous Integration Systems
- CircleCI
Team Messaging Systems
- Microsoft Teams
In addition, two improvements have been made to already existing Netsparker integrations:
- Users now have the ability to create custom fields for the ServiceNow integration
- There is improved Jira integration to support raw values for complex custom field types
New Security Checks
We have added a new security check BREACH Attack Detection.BREACH Attack
Even if you use an SSL/TLS to protect your network connections, attackers can still view your encrypted traffic and force you to inadvertently send HTTP requests to a vulnerable web server. They then have access to your connection and uncover sensitive information. A BREACH attack, enabling an attacker to 'eavesdrop' on the connection, is possible when web applications meet the following conditions. This security check searches on these criteria:- SSL/TLS-secured connection
- HTTP level compression (using gzip or Deflate)
- Reflected user-controlled input in the page
- Sensitive data that is attractive to attackers
For further information, see BREACH Attack.
New API Endpoints
Netsparker Enterprise includes an API which can be used to integrate Netsparker Enterprise with other applications.The API allows the creation and scanning of websites, retrieval of scan results and generating reports, among other things. This update has added new API endpoints for managing Team Members and listing Activity Logs.
For further information, see TeamMembers and ActivityLogs (AuditLogs).
Other Updates
New Scan Profiles Window
In this update, we added a new Scan Profiles window in the Scans menu. From here, you can save or reconfigure a Scan Profile at any time.
For further information, see Configuring Scan Profiles in Netsparker Enterprise.
New Scan Notification Using Slack
There are many benefits to integrating Netsparker with an issue tracking system. You can configure notifications to automatically report detected vulnerabilities as issues to Slack. This update has added the facility to send notifications on the launch of new scans for which a Slack integration has been configured.
For further information, see Managing Notifications.
Comments Box in the New Scan Window
This update has added a new Comments box in the New Scan window. This allows you to add a comment to your scan prior to launch. This comment is displayed in the scan report and is accessible while launching further scans.
For further information, see Netsparker Enterprise Scan Options Fields.
