Detect DOM Based Cross-Site Scripting Vulnerabilities with Netsparker

Press Release covering the release of Netsparker Web Application Security Scanner version 3.5. With the new Netsparker you can automatically detect DOM based cross-site scripting vulnerabilities in web applications, easily configure URL rewrite rules to scan parameters in URLs and much more.

15th July 2014, London – Netsparker Ltd today announced the release of Netsparker Web Application Security Scanner Version 3.5, the leading false positive free web vulnerability scanner that simulates malicious hacker attacks and enables web application security professionals to automatically identify vulnerabilities and other security issues in their web applications.

The new version of Netsparker Web Application Security Scanner can automatically detect the widely exploited DOM based cross-site scripting vulnerability in web applications. It also has a new Chrome based crawler that allows it to crawl a wider variety of web applications and has an all new user friendly wizard that allows users to easily configure URL rewrites rules to scan parameters in URLs.

Automatically Detect DOM Cross-Site Scripting with Netsparker

Unlike the traditional cross-site scripting vulnerability, DOM XSS affects the script code in the client’s web browser. Since many modern Web 2.0 and HTML 5 web application heavily depend on client-side scripts, most of them are typically susceptible to DOM XSS. As a matter of fact, malicious hackers are taking advantage of this vulnerability, making DOM XSS a popular exploited vulnerability.

The latest version of Netsparker can automatically identify DOM based cross-site scripting vulnerabilities in modern web applications. Once the vulnerability is detected, Netsparker will report all the technical details developers need to learn about this modern vulnerability and remediate the issue as soon as possible.

Configure URL Rewrite Rules via a Wizard to Attack Parameters in URL

Unlike with other security products, configuring URL rewrite rules in Netsparker is very easy and is done via a user friendly wizard. You do not need to know about regular expressions and specify complicated patterns. You do not even need to know what are the actual URL rewrite rules are written and have access to web server configuration files. Simply follow the user friendly wizard to automatically configure the URL rewrite rules.

Once URL rewrite rules are configured the parameters used in URLs will be automatically crawled and attacked by the web vulnerability scanner to uncover any potential vulnerabilities such parameters might be vulnerable to.

Improved Web Applications Coverage with New Chrome Based Crawler

If a vulnerable parameter is not crawled, it won’t be scanned and the vulnerability will not be uncovered. The new version of Netsparker has a new Chrome based crawler that allows it to crawl and better understand client scripts used in modern Web 2.0 and HTML5 web applications, thus leaving no stone unturned.

With the introduction of the new Chrome based crawler Netsparker’s coverage has been improved, therefore Netsparker can now crawl a wider variety of web applications and detect vulnerabilities and security issues in them.

Other Netsparker Improvements and New Web Security Checks

The new version of Netsparker Web Application Security Scanner also includes a number of improvements and new vulnerability checks that allow the web vulnerability scanner to identify more vulnerabilities and scan more reliably. Below are just some highlights of the new vulnerability checks and improvements:

  • Possible Source Code Disclosure for Perl, Python, Ruby and Java
  • Java Stack Trace Disclosure
  • Improved the coverage of Remote Code Execution via LFI vulnerabilities
  • Improved cross-site scripting vulnerability confirmation patterns
  • Improved the Form Authentication wizard
  • Improved the DOM parser

For more details about what is new and improved in the latest version of Netsparker Web Application Security Scanner read the Netsparker 3.5 features highlight notes.

About Netsparker Ltd

Netsparker Ltd is a young and enthusiastic UK based company. Netsparker is focused on developing a single automated web security product, the false positive free Netsparker Web Application Security Scanner. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product, Netsparker Web Application Security Scanner. Founded in 2009, Netsparker’s automated web vulnerability scanner  is one of the leading security tools used by world renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.