With every new release of Burp Suite Professional, we bake in the latest research findings to ensure that you are able to catch vulnerabilities, faster. We always recommend updating to the latest version to get the most out of the product and our groundbreaking research. The product has made leaps and bounds since version 1.7 and Burp Suite 2.0, which launched in 2018.

This blog post covers the following recent additions to Burp Suite Professional, all of which have been introduced in 2020:

Burp Scanner sits at the heart of Burp Suite and is tried, tested, and trusted by over 51k users. Here are some of the latest and greatest features that our customers are using to increase penetration testing productivity, agility, and reliability:

Browser-powered scanning

Burp Scanner continued its long tradition of innovation this year - with the addition of browser-powered scanning. Burp Scanner can now use an embedded, pre-configured Chromium browser to crawl and audit sites. This allows it to fully render applications - "seeing" content exactly as a user would. Because of this, Burp Suite is now able to crawl apps that make heavy use of JavaScript. This really is a huge step forward - both for automated vulnerability scanners and for the industry in general.

Behind all our innovations stands considerable research and expertise. We've invested a great deal of time making browser-powered scanning reliable - and this is a continuous process. Browser-powered scanning is foundational to a number of Burp Scanner enhancements - including recorded logins - and in future, will allow further improvements in coverage for single page web apps.

Recorded login sequences

A known - and painful - limitation of automated testing is the inability to authenticate to target web apps for scanning because of their complex login sequences. We have released new functionality to help address this challenge for users of Burp Suite Professional. You can now record login sequences using a dedicated browser plugin. This information can then be passed through to Burp Suite - giving access to your application and allowing Burp Scanner to check for vulnerabilities. With the problem of complex login sequences solved, you can further automate scanning, saving you time to focus on deep manual penetration testing.

API vulnerability scanning

APIs represent a huge attack surface for many organizations. Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. In line with our mission to help you secure the web, PortSwigger plans to support the security testing of APIs and microservices to cover even more of your web application portfolio. November’s 2020.11 Burp Suite Professional release includes the ability to scan both JSON and YAML-based APIs for vulnerabilities, supporting the OpenAPI (/Swagger) version 3 specification.