Netsparker - "Automate That" Release v1.1.5.0057
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.
It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built into it: for example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.
Netsparker has been identified as the most promising commercial software for 2009 - 2010 in our survey Best IT Security Tools for 2009.
What's new in this release:
Netsparker's new "Automate That" release is ready. It's not just about bug fixes or improvements, we've also got two great new features and two big improvements. Command Line Support to automate and integrate your scans with other tools. Schedule Support so that you can scan stuff overnight or scan your application weekly and obtain reports. We decreased the request count during the attacking phase without sacrificing our coverage and added a bunch of new confirmation engines.
- Schedule Support: One of the most requested features was Scheduling Support, and we have finally added it. It doesn't require an extra service to install and integrates itself with the "Windows Task Scheduler". It works correctly under Windows XP, Windows 2003, Windows Vista and Windows 7.
- Command Line Support: The command line can be used to call Netsparker from another application for manual scanning. For example, internally we've got a Firefox test extension which launches Netsparker with the current page's URL by using the following command line.
- Performance Improvements
- The number of requests needed to identify vulnerabilities has drastically decreased. We optimised all of our attacks, combined some attacks into one, and in the end Netsparker sends 35% fewer requests; the lower request count also opened up room to make our coverage even better. This means a shorter attacking phase.
- Smart caching added to some detection engines to decrease CPU usage. If you have a powerful system you might not notice this at all. It's an increase of about 2-3%.
- New Security Checks
- ASP.NET ViewState analysis added
- ViewState is not signed
- ViewState is not encrypted
- ViewState view panel. When you go to "HTTP Request/Response", if the page has ViewState in it, this panel will be visible automatically. If the ViewState is not encrypted, then you can see the data in it.
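The two ViewState checks above come down to two questions about the base64 `__VIEWSTATE` value: does it decode to a readable ObjectStateFormatter stream (otherwise it is encrypted), and do MAC-sized bytes trail the serialized object graph (otherwise it is unsigned). The following is an added example, not Netsparker's own code, that answers both for a ViewState value taken from your own application; the token bytes come from the .NET reference source, only the common token subset is parsed, and the MAC-size table and the sample streams are assumptions constructed for the demo, not real captures.

```python
import base64

# ObjectStateFormatter writes 0xFF 0x01, then a tagged object graph; token values below are from the .NET reference source.
SIMPLE = {100: None, 101: "", 102: 0, 103: True, 104: False}  # Token_Null, EmptyString, ZeroInt32, True, False
MAC_SIZES = {20: "HMACSHA1", 32: "HMACSHA256", 48: "HMACSHA384", 64: "HMACSHA512"}  # assumed tag lengths

class _Reader:
    def __init__(self, data: bytes, pos: int):
        self.data, self.pos = data, pos
    def byte(self) -> int:
        self.pos += 1
        return self.data[self.pos - 1]
    def int7(self) -> int:  # BinaryWriter.Write7BitEncodedInt: low 7 bits first, high bit means "more"
        value = shift = 0
        while True:
            b = self.byte()
            value |= (b & 0x7F) << shift
            shift += 7
            if not b & 0x80:
                return value
    def string(self) -> str:  # 7-bit length prefix, then UTF-8 bytes
        n = self.int7()
        self.pos += n
        return self.data[self.pos - n:self.pos].decode("utf-8")
    def value(self):
        t = self.byte()
        if t in SIMPLE:
            return SIMPLE[t]
        if t == 2:  # Token_Int32
            return self.int7()
        if t == 5:  # Token_String
            return self.string()
        if t in (15, 16):  # Token_Pair, Token_Triplet
            return tuple(self.value() for _ in range(2 if t == 15 else 3))
        if t == 22:  # Token_ArrayList: 7-bit count, then values
            return [self.value() for _ in range(self.int7())]
        raise ValueError(f"unsupported token 0x{t:02x} at offset {self.pos - 1}")

def inspect_viewstate(b64: str) -> dict:
    raw = base64.b64decode(b64)
    if raw[:2] != b"\xff\x01":  # no ObjectStateFormatter header: encrypted, or some other format
        return {"plaintext": False, "data": None, "mac": None, "trailing_bytes": None}
    reader = _Reader(raw, 2)
    data = reader.value()
    trailing = len(raw) - reader.pos  # bytes after the object graph: where an appended MAC would sit
    return {"plaintext": True, "data": data, "mac": MAC_SIZES.get(trailing), "trailing_bytes": trailing}

# Constructed samples: Pair(ArrayList["ctl00", 42, True], Null), bare and with 20 zero bytes standing in for an HMACSHA1 tag.
_STREAM = bytes([0xFF, 0x01, 0x0F, 0x16, 0x03, 0x05, 0x05]) + b"ctl00" + bytes([0x02, 0x2A, 0x67, 0x64])
SAMPLE_UNSIGNED = base64.b64encode(_STREAM).decode()
SAMPLE_SIGNED = base64.b64encode(_STREAM + b"\x00" * 20).decode()
```

A result with `plaintext` True and `mac` None is the unsigned, unencrypted case both checks flag; the trailing-byte test is a heuristic, so confirm against the application's `machineKey` configuration before acting on it.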
- New Confirmation Engines
Confirmation engines ensure that you won't get a false positive and you will see fewer [Possible] vulnerabilities. When these vulnerabilities get confirmed you'll see Netsparker's famous Confirmation Confirmed icon!
- RCE (Remote Code Evaluation) confirmation engine added.
- RFI (Remote File Inclusion) confirmation engine added.
- Command (Remote File Inclusion) confirmation engine added.