Thursday, February 6, 2014

Burp Suite Pro shines in new survey

A new survey has just been published comparing the performance of 63 different web application security scanners. This is what it says overall about Burp Suite Pro:
"Burp is the undisputed winner of the overall versatility category, was the winner in the input vector support category, got one of the highest scores in detecting Backup/Hidden Files, and decent scores in many other categories. It also came out FIRST in the SQL Injection and Reflected XSS categories, and dramatically improved its RFI score."
There is a lot of technical detail in the survey results that we plan to work through, to understand exactly how Burp performed, and can be improved even further.

In the past few months, we've made numerous significant enhancements to Burp Scanner, adding support for nested insertion points, new payload encodings, new categories of vulnerability, and improved coverage of existing scan checks. But we're far from complacent: this year we will continue enhancing the Scanner engine to find even more edge-case vulnerabilities, and also the Spider tool to improve Burp's fully automated crawling capabilities.

As always, new features and enhancements to Burp Suite Pro are made available free to licensed users, and the cost of a Burp license will not be increasing during 2014.