"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."
Jed Mitten, Senior Security Consultant, MANDIANT
"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."
Steve Lord, Mandalorian
This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.