Netsparker Enterprise Updated with New Security Checks and Several Other Service Improvements

Last week we applied a new major update to Netsparker Enterprise, our online web application security scanning service. Below is an overview of what is new, improved and fixed in update 20160311.

New Start a New Scan Interface

The new Start a New Scan interface is more intuitive. You can configure every aspect of the web application security scan and the Scan Profile without having to scroll down through a long list of settings.

Scan Profiles Improvements

When you save the settings of web security scan as a Scan Profile in Netsparker Enterprise, now you can tick the Shared checkbox so the Scan Profile is shared with all the Netsparker Enterprise team members.

You can also configure a Primary Scan Profile for a website. Therefore each time you want to configure a new scan for that website, the Primary Scan Profile will be selected by default.

New & Improved Web Security Checks

In this update we also included a number of new security checks for the HTTP Strick Transport Security (HSTS) mechanism and improved the JavaScript and DOM parser, which also mean more advanced DOM XSS vulnerability security checks.

We also updated our existing SSL / TLS security check to issue an alert should their SSL / TLS implementation be vulnerable to the new DROWN SSL/TLS vulnerability, that essentially allows the attackers to break the encryption and read the communication. Refer to the DROWN vulnerability website for more details on the vulnerability.

Other Netsparker Enterprise Improvements & Bug Fixes

We applied several other improvements in this update 20160311 of Netsparker Enterprise. For example we improved the heuristic URL Rewrite technology to automatically identify more patterns and added several new JavaScript settings in Scan Policies. For a more detailed list of what is new, improved and fixed please refer to the Netsparker Enterprise changelog.