Burp Suite(up) with fancy scanning mechanisms

Burp Suite(up) with fancy scanning mechanisms (PDF, 7.18MB)
Published: 28 Dec, 2015
Created by Zoltan Panczel

Burp Suite Professional is one of the best web application vulnerability scanners on the market. The application has lots of useful built-in functions to find security problems. The main problem is the slowly updated scanning engine. Security experts find new attack methods almost every day, but up-to-date integration of these into the scanner is quite impossible. Fortunately, Burp Suite has the Extender function for developing new scanning techniques. Based on an eBay hacking bug bounty result, the Drupal 7 SQL injection vulnerability, Perl DBI problems and UTF8 Cross-Site Scripting, a new scanner extension was born. The ActiveScan++ extension is a good starting point for developing a new scanning approach. The new implementation is useful in every aspect of web application vulnerability assessments, for example, bug bounties.