September 2017 Update of Netsparker Enterprise

Release notes about the September 2017 update of Netsparker Enterprise, in which a number of new security checks, product updates and new features are included.

We are very happy to announce the September 2017 update of Netsparker Enterprise. In this update, we included new features, a good number of improvements, new security checks and numerous bug fixes. Here is an overview of what is new and improved in this September 2017 update of Netsparker Enterprise.

New Features

Configurable List of Parameter Names for Improved Handling of Anti-CSRF Tokens

We love automation! Netsparker can scan a website that uses Anti-CSRF tokens without you having to disable them. Now you can also add a list of parameter names that use Anti-CSRF tokens, so the scanner can scan them successfully without being hindered by the tokens.

Attacking Optimization Options for Recurring Parameters on Different Pages

When this option is enabled, Netsparker will identify parameters that are used on multiple pages, so as not to scan them multiple times. Some examples of such parameters are search widgets, newsletter subscription and similar forms. This setting can be enabled from the Attacking section of a Scan Policy.

Support for Multiple Configured Credentials

In Netsparker Enterprise it is now possible to configure multiple Basic, NTLM and Digest authentication credentials for the same target. So if your website has multiple password-protected areas, and each of them requires different credentials or uses a different authentication mechanism, you can configure them in Netsparker Enterprise and scan all password-protected areas in a single scan. For more information on how to configure multiple sets of credentials, refer to the section Configuring multiple sets of credentials and URLs in the document Configuring Basic, NTLM & Digest Authentication in Netsparker.

Other Notable Features

In this September 2017 update of Netsparker Enterprise we have also added the following:

  • Ability to configure custom HTTP headers for a scan
  • Added the new Site Profile node in the Knowledge Base

New Security Checks & Product Improvements

In this update, we included numerous new security checks, as well as improvements to the product and to existing security checks. Since the list is too long (yes, we really worked hard over the summer), we cannot include it in this blog post. Please refer to the Netsparker Enterprise changelog for a detailed list of what is new, improved and fixed in this update of Netsparker Enterprise.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.