Web vulnerability scanner
- Advanced manual tools
- Essential manual tools
- Automated crawl and scan
Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing.
Advanced scanning for manual testers
- View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated.
- Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.
- Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
- Different modes for scan accuracy, to optionally favor more false positives or negatives.
Cutting-edge scanning logic
- Burp Scanner is designed by industry-leading penetration testers. Its advanced feedback-driven scanning logic is designed to reproduce the actions of a skilled human tester.
- Advanced crawling capabilities (including coverage of the latest web technologies such as REST, JSON, AJAX and SOAP), combined with its cutting-edge scanning engine, allow Burp to achieve greater scan coverage and vulnerability detection than other fully automated web scanners.
- Burp has pioneered the use of highly innovative out-of-band techniques to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
- The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
This video is about BurpSuite Pro Technical Overview by E-SPIN that will give you more information regarding this product.
For those who can not join us for the session, please see the summary and highlight clip for the event.
E-SPIN recently run a BurpSuite Pro what’s new session cover what new for new user and existing users.
If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.