Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Opinions on Burp Suite Web App Scanner
From: Robin Wood <robin () digininja org>
Date: Wed, 12 Oct 2011 18:14:48 +0100

On 12 October 2011 16:31, Derrenbacker,  L. Jonathan
<JDerrenbacker () kshgs com> wrote:
I have budget for a web app vulnerability scanner, and I was wondering if anyone has opinions on the professional 
version Burp Suite with the scanner option.
Is the scanner any good? Accurate?

This is the website if anyone doesn't know what it is:
http://portswigger.net/burp/scanner.html

It is a brilliant tool, well worth the cash compared to the much more
expensive alternatives. The built in scanner is fairly accurate, has a
few problems with LDAP injection false positives but tends to find XSS
and SQLi pretty well.

Robin




Thanks,
Jon

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]