Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.
It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running custom SQL queries.
The main highlight of this version is the web services scanner; now scan and identify vulnerabilities and security issues in web services automatically and easily.
Changelog v3.2
New Features
- Ability to scan SOAP web services for security issues and vulnerabilities
- Request and Response viewers to view HTTP requests/responses like XML and JSON tree views
- New knowledge base node that will include all AJAX/XML HTTP Requests
- New value matching options for form values other than regex pattern (exact, contains, starts, ends)
- New report template for parsing source information Crawled URLs List (CSV)
New Security Checks
- Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path
- Added Programming Error Message vulnerability detection for SOAP faults
- Added AutoComplete vulnerability for password inputs
- NuSOAP version disclosure
- NuSOAP version check
Improvements
- Improved XSS vulnerability confirmation
- Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources
- Added latest version custom field for the version vulnerabilities
- Added standard context menus to text editors
- Sitemap tree will displan nodes of JSON, XML and SOAP requests and responses with no parameters
- Added force option to form value settings to enforce user specified values
- Optimized attack patterns for JSON and XML attacks by reducing attack requests
- Optimized Common Directories list and removed the limit for Extensive Security Checks policy
- Improved the license dialog to show whether a license is missing or expired
Fixes
- Fixed update dialog to not show on autopilot mode
- Fixed an interim auto update crash
- Fixed typo in Out of Scope Links knowledge base report template
- Fixed an issue in LFI exploiter where XML tags with namespace prefixes was preventing exploitation
- Fixed Controlled Scan button disabled issue for some sitemap nodes
- Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template
- Fixed form authentication wizard to use user agent set on currently selected policy
- Fixed zero response time issue for some sitemap nodes
- Fixed dashboard progress bar showing 100%
- Fixed random crashes on license dialog while loading license file or closing dialog
- Fixed Microsoft Anti-XSS Library links on vulnerability references