Replay and view recorded login (authenticated scanning) sequences executed during scans, to check for issues during the login process.

Audit of asynchronous traffic
Burp Scanner now automatically audits in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

We have fundamentally changed the way that Burp Scanner navigates using its built-in browser. This improves scanning of applications that make heavy use of client-side JavaScript for navigation, and lays a strong foundation for further development of the scanner.

Single sign-on
Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Improved user experience
Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.

API scanning: first phase
Enumerate API endpoints to scan APIs across your application portfolio - process OpenAPI (Swagger) definitions.

Extended scanning machine capabilities
Ensure scans are carried out using the most suitable scanning machines - based on network location, system resources, or other factors.

Improved navigational coverage
Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.

We have improved the placement and encoding of scan payloads within JSON and XML data structures.

Server-side template injection
Burp Scanner can now detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.

Browser-powered scanning by default
Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning.

Kubernetes deployment
Burp Suite Enterprise Edition now has a Kubernetes deployment option available, using a Helm chart. This enables auto-scaling of scanning resources.

Support for popups in recorded login sequences
Addition of support for popup page elements when using Burp Scanner's recorded login (authenticated scanning) feature.