Description
Burp Suite is the leading software for web security testing
Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report.
Burp Suite constantly raises the bar of what security testing is able to achieve.
Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.
Burp has pioneered the use of highly innovative out-of-band techniques (OAST) to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed.
Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and web cache poisoning.
Burp’s cutting-edge web application crawler accurately maps content and functionality, automatically handling sessions, state changes, volatile content, and application logins.
Burp Scanner includes a full JavaScript analysis engine using a combination of static (SAST) and dynamic (DAST) techniques for detection of security vulnerabilities within client-side JavaScript, such a DOM-based cross-site scripting.
The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application.
All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue, and step-by-step remediation advice. Advisory wording is dynamically generated for each individual issue, with any special features or remediation points accurately described.