BurpSuite Pro Technical Overview by E-SPIN

Web vulnerability scanner

• Advanced manual tools
• Essential manual tools
• Automated crawl and scan

Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing.

Advanced scanning for manual testers

• View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated.
• Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.
• Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting.
• Different modes for scan accuracy, to optionally favor more false positives or negatives.

Cutting-edge scanning logic

• Burp Scanner is designed by industry-leading penetration testers. Its advanced feedback-driven scanning logic is designed to reproduce the actions of a skilled human tester.
• Advanced crawling capabilities (including coverage of the latest web technologies such as REST, JSON, AJAX and SOAP), combined with its cutting-edge scanning engine, allow Burp to achieve greater scan coverage and vulnerability detection than other fully automated web scanners.
• Burp has pioneered the use of highly innovative out-of-band techniques to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
• The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.

This video is about BurpSuite Pro Technical Overview by E-SPIN that will give you more information regarding this product.

For those who can not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently run a BurpSuite Pro what’s new session cover what new for new user and existing users.

If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.