Screenshots - click to enlarge
Burp Scanner is a state-of-the-art vulnerability scanner for web applications. It is designed with security testers in mind, to integrate closely with your existing techniques and methodologies for manual and automated testing.
Unlike other scanners, Burp gives you fine-grained control over which items get scanned, and gives you immediate feedback and results for each scanned item. Depending on your requirements, you can use Burp Scanner to perform:
- Passive scanning of all requests and responses made through Burp Proxy, to identify flaws such as information disclosure, insecure use of SSL, and cross-domain exposure. This lets you safely find bugs without sending any additional requests to the application.
- Active scanning of all in-scope requests passing through Burp Proxy. This lets you use your browser to walk Burp Scanner through the interesting parts of the application's functionality that you want to actively scan. Burp Scanner will then send numerous additional requests to the target application, to identify vulnerabilities such as SQL injection, cross-site scripting and file path traversal.
- User-directed scanning of selected requests. This lets you select specific requests within any of the Burp Suite tools, and send these for active or passive scanning. This usage is ideal when you are manually testing individual parts of an application's functionality, as you can use Burp Scanner to automatically test for a wide range of vulnerabilities while you focus your effort on tasks that require human intelligence to perform.
Burp Scanner does not employ a simple database of checks. Rather, it was designed by experienced security testers to reproduce the actions of a skilled, methodical human tester. Its advanced, feedback-driven scan logic delivers an extremely high rate of vulnerability detection, with minimal false positives.
Various independent studies have shown that Burp Scanner is amongst the most powerful and effective web scanners on the market, representing outstanding value for money compared to other products.