Burp Scanner is a state-of-the-art vulnerability scanner
for web applications. It is designed with security testers in mind, to
integrate closely with your existing techniques and methodologies for manual
and automated testing.
Unlike other scanners, Burp gives you fine-grained control over which
items get scanned, and gives you immediate feedback and results for each
scanned item. Depending on your requirements, you can use Burp Scanner for:
- Passive scanning of all requests and responses made
through Burp Proxy, to identify flaws such as
information disclosure, insecure use of SSL, and cross-domain
exposure. This lets you safely find bugs without sending any
additional requests to the application.
- Active scanning of all in-scope requests passing
through Burp Proxy. This lets you use your
browser to walk Burp Scanner through the interesting parts of the
application's functionality that you want to actively scan. Burp Scanner
will then send numerous additional requests to the target application,
to identify vulnerabilities such as SQL injection, cross-site scripting
and file path traversal.
- User-directed scanning of selected requests. This
lets you select specific requests within any of the Burp
Suite tools, and send these for active or
passive scanning. This usage is ideal when you are manually testing
individual parts of an application's functionality, as you can use Burp
Scanner to automatically test for a wide range of vulnerabilities while
you focus your effort on tasks that require human intelligence to
Burp Scanner does not employ a simple database of checks. Rather, it was
designed by experienced security testers to reproduce the actions of a
skilled, methodical human tester. Its advanced, feedback-driven scan
logic delivers an extremely high rate of vulnerability detection,
with minimal false positives.
Independent studies have shown that Burp Scanner is amongst the most
powerful and effective web scanners on the market, representing outstanding value
for money compared to other products.