Penetration Testing mailing list archives

Re: Opinions on Burp Suite Web App Scanner


From: Robin Wood <robin () digininja org>
Date: Wed, 12 Oct 2011 18:14:48 +0100

On 12 October 2011 16:31, Derrenbacker, L. Jonathan
<JDerrenbacker () kshgs com> wrote:
I have budget for a web app vulnerability scanner, and I was wondering if anyone has opinions on the professional
version of Burp Suite with the scanner option.
Is the scanner any good? Accurate?

This is the website if anyone doesn't know what it is:
http://portswigger.net/burp/scanner.html

It is a brilliant tool, well worth the cash compared to the much more
expensive alternatives. The built-in scanner is fairly accurate; it has a
few problems with LDAP injection false positives but tends to find XSS
and SQLi pretty well.

Robin




Thanks,
Jon

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



