Mavituna Security Ltd has released a new version of Netsparker, its web application security scanner. According to the Mavituna Security blog, Netsparker version 220.127.116.11 has two new security tests and many new features, as follows:
This release introduces 2 new security tests, which confirm whether redirects in the web application are working as expected. If the application sends back a redirect but keeps processing the page, this generally indicates a bug. The impact of the bug can vary from “Authentication Bypass” to a simple forgotten line in the code. However, it almost always indicates a bug that needs to be addressed.
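The redirect behaviour described above, as an added example (not Netsparker's code and not from the Mavituna Security post): a handler that redirects unauthenticated users but keeps processing, its corrected form, and a check on the response. The `Response` class, the handler names and the 256-byte stub threshold are assumptions made for illustration.

```python
# Added illustration: hypothetical handlers and constructed data, not Netsparker code.
MAX_STUB = 256  # assumed threshold: framework redirect stubs are usually tiny


class Response:
    def __init__(self):
        self.status, self.headers, self.body = 200, {}, b""

    def redirect(self, url):
        # Sets the redirect but, as in many frameworks, does not stop the handler.
        self.status, self.headers["Location"] = 302, url

    def write(self, data):
        self.body += data


def render_admin():
    # Constructed "protected" page content.
    rows = "".join(f"<tr><td>user{i}@example.test</td></tr>" for i in range(20))
    return f"<h1>Admin</h1><table>{rows}</table>".encode()


def admin_buggy(cookies):
    resp = Response()
    if cookies.get("session") != "valid":
        resp.redirect("/login")  # BUG: no return, processing continues
    resp.write(render_admin())
    return resp


def admin_fixed(cookies):
    resp = Response()
    if cookies.get("session") != "valid":
        resp.redirect("/login")
        return resp  # stop here: nothing after the redirect runs
    resp.write(render_admin())
    return resp


def redirect_with_body(resp, max_stub=MAX_STUB):
    """Flag a 3xx response whose body is larger than a redirect stub."""
    is_redirect = 300 <= resp.status < 400 and "Location" in resp.headers
    return is_redirect and len(resp.body) > max_stub


if __name__ == "__main__":
    for handler in (admin_buggy, admin_fixed):
        print(handler.__name__, redirect_with_body(handler({})))
```

A body-size check only catches content returned alongside the redirect; code that changes server state after the redirect is set leaves no trace in the response and has to be found by reviewing the handler.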
- Microsoft Live ID, SSO Authentication Support
- Vulnerability Summary added to reports
- Summary Report added to Sitemap. When you click the name of the website that you are scanning in the sitemap, Netsparker now shows a summary report of the current scan.
Improvements on Security Tests
- Blind SQL Injection coverage improved
- Protocol-agnostic Open Redirection checks added
- LFI security test coverage improved
- Version information automatically added to all Error Based SQL Injection issues now
- New XSS checks added to bypass blacklists
Other Improvements and Bug Fixes
- A Form Parsing bug fixed in Text Parser
- An error log in Blind Command Injection Engine fixed
- Some URI Based XSS issues were reported multiple times
- Minor bugs fixed in the Detailed and XML Reports
- Typo fixed in CSV Report
- Set-Cookie headers weren’t working properly in Redirects
- Netsparker now supports multiple set-cookies with same cookie name
- Anti-CSRF token support improved for Form Authentication
- A bug fixed in profile save with NTLM authentication
- Naming in certain vulnerabilities changed. New naming uses “Confirmed”, “[Probable]” and “[Possible]”.
Visit the Mavituna Security website for more information and educational videos.
Source & Picture: mavitunasecurity.com