In this latest report, analysts Joseph Feiman and Neil MacDonald state that “highly publicized breaches in the last 12 months have raised awareness of the need to identify and remediate vulnerabilities at the application layer”. In addition, that “attackers have increased the sophistication and frequency of their attacks, motivated financially by the theft of monetary assets, intellectual property and sensitive information”.
At PortSwigger we have always believed in pushing the boundaries of web security testing, and we continue to invest heavily in our research and development capabilities to help our users to respond to the rapidly evolving threats they face.
Dafydd Stuttard, founder of PortSwigger Web Security commented:
“Our accelerated investment and ambitious roadmap over the last 12 months have resulted in developments that have fundamentally improved the web scanning functionality that is available to our users.
“We released Burp Collaborator in April of this year, which has the potential to revolutionize web security testing. Over time, Burp Collaborator will enable Burp to detect issues like blind XSS, asynchronous code injection, and various as-yet-unclassified vulnerabilities. In the coming months, we will be adding many exciting new capabilities to Burp, based on the Collaborator technology.
“We have also pioneered research into two completely new types of vulnerability. Over the past 12 months we have released scan checks to find both server-side template injection and PRSSI (path-relative style sheet imports). Burp was the first scanner to detect these two serious vulnerabilities.”
Stuttard goes onto say that he is excited about the next 12 months at PortSwigger. “As one of the most widely adopted web security tools in the marketplace, we have a very large and loyal user community, which we will continue to listen to. That, coupled with our ability to remain agile as a company, allows us to respond rapidly to market developments. We are expecting to release many new exciting features in the coming months.”
PortSwigger Web Security is a global leader in the creation of software tools for security testing of web applications. For nearly a decade, we have worked at the cutting edge of the web security industry, and our suite of tools is well established as the de facto standard toolkit used by web security professionals.
Gartner disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation . Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.