This is a minor update to Netsparker Standard/Professional editions which contains bug fixes and user interface enhancements for form authentication. We have fixed a critical bug where Netsparker was failing to detect logouts when form authentication is configured (especially for the scans that use keyword-based logout detection signature).
We have tried to increase the usability of the Configure Form Authentication wizard in this release. On the status bar of the wizard, we have placed a breadcrumb widget where it shows all the steps of the process and also highlights the current step you are at:
On the first step of the wizard, we have included some mockup images that tries to illustrate the kind of web page URLs we are expecting the user to enter:
Second step of the wizard now contains a familiar user interface idiom on upper-right corner of the window, a camcorder recording animation. The user should now have a better feeling that any operation performed on this step is recorded:
And the third step (a.k.a. the playback phase) of the wizard has enhancements to keyword-based logout detection user interface. We have placed indicators right beneath the browser panes. While you are typing the logout keyword, it is matched to logged-in and logged-out views and the indicators update accordingly. You should make both of these indicators show green, as you know, green means go!
Security Check Improvements
- Vulnerability database with new version checks
Bugs Fixed
- Fixed a potential null reference exception on logout detection
- Fixed a bug where session export confirmation isn't displayed while quitting application
- Fixed a text parser issue happens when the page contains an option element without any value
Update
If you have a valid Netsparker Professional or Standard license then all you need to do is click "Help > Check for Updates" to update to Netsparker 2.5.3.