Improved scan speed
Further optimized performance in default settings - enabling faster scans without compromising coverage.

The Pay as you scan subscription option enables you to pay only for the scans you actually use - and is ideal for organizations just beginning their security journey.

Burp Scanner can check for security vulnerabilities in APIs that use the GraphQL language. This broadens the range of APIs you are able to test automatically.

GraphQL-based API
Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and scanning machine management. View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.

Recorded login sequences
Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.

Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.

Burp extensions
By popular demand, you can now customize Burp Suite Enterprise Edition using extensions.

Issue-tracking integrations
Burp Suite Enterprise Edition now supports issue tracking integration using Slack, Trello, and GitLab.

HTTP/2-specific vulnerability reporting
Burp Scanner can now report new classes of HTTP/2-specific vulnerabilities.

Replay and view recorded login (authenticated scanning) sequences executed during scans, to check for issues during the login process.

Audit of asynchronous traffic
Burp Scanner now automatically audits in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

We have fundamentally changed the way that Burp Scanner navigates using its built-in browser. This improves scanning of applications that make heavy use of client-side JavaScript for navigation, and lays a strong foundation for further development of the scanner.

Make changes at folder level, as a bulk action in the UI. Reconfigure all the sites in a particular folder - for scan configuration, scanning machine pools, extensions used, etc.

Improved site setup
Define your site scope more easily when setting up scans. This helps to ensure that you only scan the URLs you intend to.

Burp Suite Enterprise Edition can handle forms when scanning single page applications (SPAs) built on React. This improves performance when scanning input elements that lack an enclosing form tag.

Improved SPA scanning
Burp Scanner now handles navigational actions that cause DOM updates without a synchronous request to the server, allowing better handling of single-page applications.

Single sign-on
Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Improved user experience
Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.

API scanning: first phase
Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.

Extended scanning machine capabilities
Ensure scans are carried out using the most suitable scanning machines - based on network location, system resources, or other factors.

Improved navigational coverage
Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.

We have improved the placement and encoding of scan payloads within JSON and XML data structures.

Server-side template injection
Burp Scanner can now detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.

Browser-powered scanning by default
Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning.

Kubernetes deployment
Burp Suite Enterprise Edition now has a Kubernetes deployment option available, using a Helm chart. This enables auto-scaling of scanning resources.

Support for popups in recorded login sequences
Addition of support for popup page elements when using Burp Scanner's recorded login (authenticated scanning) feature.

Improved scanning of JavaScript frameworks
Multiple improvements to Burp Scanner's performance when scanning web applications built using popular JavaScript frameworks. This is an area we will periodically revisit.

Integrate Burp Suite Enterprise Edition with any CI/CD platform that can run a Docker container - and get fast security feedback to your web developers.