
With every new release of Burp Suite Professional, we bake in the latest research findings to ensure that you are able to catch vulnerabilities, faster. We always recommend updating to the latest version to get the most out of the product and our groundbreaking research. The product has made leaps and bounds since version 1.7 and Burp Suite 2.0, which launched in 2018. This blog post covers the following recent additions to Burp Suite Professional, all of which have been introduced in 2020:

Here are some of the latest and greatest features that our customers are using to increase penetration testing productivity, agility, and reliability:

Browser-powered scanning

Burp Scanner sits at the heart of Burp Suite and is tried, tested, and trusted by over 51k users. Burp Scanner continued its long tradition of innovation this year - with the addition of browser-powered scanning.

Burp Scanner can now use an embedded, pre-configured Chromium browser to crawl and audit sites. This allows it to fully render applications - "seeing" content exactly as a user would. Because of this, Burp Suite is now able to crawl apps that make heavy use of JavaScript. This really is a huge step forward - both for automated vulnerability scanners and for the industry in general.

Behind all our innovations stands considerable research and expertise. We've invested a great deal of time making browser-powered scanning reliable - and this is a continuous process. Browser-powered scanning is foundational to a number of Burp Scanner enhancements - including recorded logins - and in future, will allow further improvements in coverage for single-page web apps.

Recorded login sequences

A known - and painful - limitation of much automated testing is the inability to authenticate to target web apps for scanning, because those apps have complex login sequences. We have released new functionality to help address this challenge for users of Burp Suite Professional. You can now record login sequences using a dedicated browser plugin. This recording can then be passed through to Burp Suite - giving access to your application and allowing Burp Scanner to check for vulnerabilities. With the problem of complex login sequences solved, you can further automate scanning, saving you time to focus on deep manual penetration testing.

API vulnerability scanning

APIs represent a huge attack surface for many organizations. Okta has previously cited Gartner in predicting that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. In line with our mission to help you secure the web, PortSwigger plans to support the security testing of APIs and microservices to cover even more of your web application portfolio. November's 2020.11 Burp Suite Professional release includes the ability to scan both JSON and YAML-based APIs for vulnerabilities, supporting the OpenAPI (/Swagger) version 3 specification. We will be expanding our support for enumerating API endpoints, so please let our team know your feedback and requirements.

The message editor is used throughout Burp Suite for viewing and manipulating HTTP requests and responses, as well as WebSocket messages. This tool comes with a number of features to help you edit and analyze messages.
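The API vulnerability scanning feature described on this page works by consuming an OpenAPI version 3 document, which is essentially an inventory of the API's attack surface. The following is an added example (it is not PortSwigger's code and says nothing about how Burp Scanner itself parses a specification) showing what a scanner or a defender gets out of such a document: every method/path pair, the parameters reachable on each (path-level and operation-level merged), whether the operation has a request body, and whether it is covered by a security requirement. Operations that explicitly opt out of the global security requirement with `security: []` are listed separately, since unauthenticated endpoints are the ones to review first. The `openapi` version check mirrors the page's statement that version 3 is what is supported. The sample specification, its hostname `api.example.test`, and the operation names are constructed for this example.

```python
"""Enumerate the attack surface described by an OpenAPI 3 document (added example)."""
import json

# Constructed sample OpenAPI 3 document; not a real API. YAML would carry the
# same structure and is handled identically once parsed into a dict.
SAMPLE_SPEC_JSON = """
{
  "openapi": "3.0.3",
  "info": {"title": "Example Orders API", "version": "1.0.0"},
  "servers": [{"url": "https://api.example.test/v1"}],
  "components": {
    "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}
  },
  "security": [{"bearerAuth": []}],
  "paths": {
    "/orders": {
      "get": {
        "summary": "List orders",
        "parameters": [{"name": "status", "in": "query", "schema": {"type": "string"}}]
      },
      "post": {
        "summary": "Create order",
        "requestBody": {"content": {"application/json": {"schema": {"type": "object"}}}}
      }
    },
    "/orders/{orderId}": {
      "parameters": [{"name": "orderId", "in": "path", "required": true,
                      "schema": {"type": "string"}}],
      "get": {"summary": "Get order"},
      "delete": {"summary": "Delete order"}
    },
    "/health": {
      "get": {"summary": "Liveness probe", "security": []}
    }
  }
}
"""

# Operation keys permitted under a Path Item Object in OpenAPI 3.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def load_spec(text):
    """Parse the document and reject anything that is not an OpenAPI 3.x spec."""
    spec = json.loads(text)
    version = str(spec.get("openapi", ""))
    if not version.startswith("3."):
        raise ValueError(f"unsupported OpenAPI version: {version!r}")
    return spec


def enumerate_endpoints(spec):
    """Return one record per (method, path), sorted by path then method order."""
    base = spec.get("servers", [{}])[0].get("url", "")
    global_security = spec.get("security", [])
    endpoints = []
    for path, item in sorted(spec.get("paths", {}).items()):
        # Path-level parameters apply to every operation on that path.
        shared = item.get("parameters", [])
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # Parameters are identified by (name, location); an operation-level
            # parameter overrides a path-level one with the same identity.
            params = {(p["name"], p["in"]) for p in shared + op.get("parameters", [])}
            # An operation-level "security" replaces the global requirement;
            # an empty list means the operation is deliberately unauthenticated.
            security = op.get("security", global_security)
            endpoints.append({
                "method": method.upper(),
                "url": base + path,
                "parameters": sorted(params),
                "requires_auth": len(security) > 0,
                "has_body": "requestBody" in op,
            })
    return endpoints


def unauthenticated_endpoints(endpoints):
    """Endpoints reachable without any security requirement; review these first."""
    return [f"{e['method']} {e['url']}" for e in endpoints if not e["requires_auth"]]


if __name__ == "__main__":
    eps = enumerate_endpoints(load_spec(SAMPLE_SPEC_JSON))
    for e in eps:
        auth = "auth" if e["requires_auth"] else "NO AUTH"
        body = " +body" if e["has_body"] else ""
        print(f"{e['method']:6} {e['url']} [{auth}]{body} params={e['parameters']}")
    print("unauthenticated:", unauthenticated_endpoints(eps))
```

The same walk is what turns a specification into a scan scope: each record is a request template the audit has to exercise, and the `requires_auth` flag tells you which of those templates only make sense once the recorded login described above has supplied a session.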
