Netsparker Final Beta (v0.9.9.9935) - Web App Security Scanner

Netsparker, a web application security scanner, can crawl, attack and identify vulnerabilities in any custom web application regardless of the platform and technology it is built on, just like an actual attacker would.

It can identify web application vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built in: for example, you can obtain a reverse shell from an identified SQL Injection, or extract data by running custom SQL queries through it.


Version Final Beta v0.9.9.9935

  • New name, new design!
  • New Test Module: Detect and analyse crossdomain.xml issues
  • New Test Module: Apache server-status and server-info detection
  • Text parser finds relative links again; this had been disabled in the previous beta for performance reasons
  • Better case-sensitivity support during crawling and attacking. You need to enable it explicitly from "Advanced Settings"
  • New Test Module: Detect Apache Alternate/MultiViews
  • Custom 404 support. Netsparker can now detect custom 404 pages and act accordingly
  • Better HTTP Request / Response GUI, with a splitter, better search and some other improvements
  • New Test Module: Find backup files
  • Improved Test Module: New and better attacks added to command injection for *nix and Windows based systems
  • Better error handling. You can now add details to error reports, as well as your e-mail address so we can get back to you about the issue (of course, only if you want)
  • New Test Module: Check for TRACE/TRACK methods
  • GUI can be customised in many ways and remembers all of your customisations
  • Some bugs in the handling of redirected pages fixed
  • Some false positives in Boolean SQL Injection fixed
  • Text parser slightly improved, some minor bugs fixed
  • Memory usage and overall performance of the application significantly improved
  • Improved Test Engine: SQL Injection, Boolean SQL Injection and Blind SQL Injection tests improved to increase coverage
  • Some rare XSS false positives fixed
  • Performance of the JavaScript parser improved. It is now faster and better
  • Figures in the dashboard fixed. They are still not totally accurate (due to runtime optimisation) but pretty close to what is going to happen
  • Disconnect support and better error handling added to SQL Injection exploitation. Some bugs fixed in the listener as well
  • New Test Module: Sitemap.xml analysis

Tool submitted by Ferruh Mavituna (Project Leader)

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

