As usual we are releasing new features and improving the quality of Netsparker.
New Redirect Tests
This release introduces two new security tests, which confirm whether redirects in the web application are working as expected. If the application sends a redirect back but keeps processing the page, this generally indicates a bug. The impact of the bug can vary from “Authentication Bypass” to a simple forgotten line in the code. However, it almost always indicates a bug that needs to be addressed.
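A check of the kind this paragraph describes, written here as an added example (not Netsparker's own code): it parses a raw HTTP response and flags a 3xx that still carries page content, which is the signature of a handler that sent the redirect but kept executing. The two sample responses are constructed, and the markup markers and body-size threshold are assumed heuristics.

```python
# Constructed sample responses (not captured from any real site).
# A well-behaved redirect: the handler stops after emitting the Location header,
# so the body is only a short stub pointing at the target.
GOOD_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<html><body>Redirecting to <a href="/login">/login</a></body></html>'
)

# Execution-after-redirect: the redirect header is sent, but the script keeps
# running and renders the protected page into the body anyway.
LEAKY_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body><h1>Admin panel</h1>"
    b'<form action="/admin/users" method="post">'
    b'<input name="user"><input name="role"><input type="submit"></form>'
    b"<table><tr><td>alice</td><td>admin</td></tr></table></body></html>"
)

# Markup that belongs to a real page, not to a redirect stub (assumed heuristic).
CONTENT_MARKERS = (b"<form", b"<table", b"<input", b"<script")

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status code, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return status, headers, body

def redirect_keeps_processing(raw, max_body=512):
    """True when a 3xx response still carries page content after the redirect."""
    status, headers, body = parse_response(raw)
    if not 300 <= status < 400 or "location" not in headers:
        return False  # not a redirect, so there is nothing to judge here
    # Real page markup, or a large body, after a redirect means the handler
    # kept executing after it issued the redirect instead of returning.
    has_markup = any(marker in body.lower() for marker in CONTENT_MARKERS)
    return has_markup or len(body) > max_body
```

A hit is worth confirming by hand against the protected page itself, since a framework that renders a large templated "you are being redirected" page can trip the size threshold without any bug.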
New Features
- Microsoft Live ID, SSO Authentication Support
Improvements on Security Tests
- Blind SQL Injection coverage improved
- Protocol-agnostic Open Redirection checks added
- LFI security test coverage improved
- Version information automatically added to all Error Based SQL Injection issues now
- New XSS checks added to bypass blacklists
Other Improvements and Bug Fixes
- A Form Parsing bug fixed in Text Parser
- An error log in Blind Command Injection Engine fixed
- Fixed a bug where some URI Based XSS issues were reported multiple times
- Minor bugs fixed in the Detailed and XML Reports
- Typo fixed in CSV Report
- Set-Cookie headers weren't working properly in Redirects
- Netsparker now supports multiple set-cookies with same cookie name
- Anti-CSRF token support improved for Form Authentication
- A bug fixed in profile save with NTLM authentication
- Naming in certain vulnerabilities changed. New naming uses “Confirmed”, “[Probable]” and “[Possible]”.
Update
If you have a valid Netsparker Professional or Standard license, then all you need to do is click "Help > Check Updates" to update to Netsparker 1.9.0.5.