Reduce the costs of security testing

Get fast feedback on security bugs by letting your developers know as soon as vulnerabilities are introduced.

Bring security testing forward in the development lifecycle, and reduce expensive penetration tests at the end of projects.

See vulnerabilities deep inside your application using Burp Infiltrator

Our powerful IAST technology lets Burp Scanner see when data is handled unsafely within the application.

Install the Burp Infiltrator instrumentation on your staging server, and Burp will report whenever input is passed to a potentially dangerous API.

Burp reports the exact location of the issue and the stack trace at the point it was triggered, allowing speedy investigation.

Using Burp Infiltrator, you can detect the most obscure and hard-to-reach vulnerabilities, which can elude even the most powerful dynamic web scanners. Partial input validation or unusual input transformations can leave standard testing payloads unable to reliably trigger these vulnerabilities.


Build security awareness in your development team

Developers hate committing bugs.

Automating detection of security vulnerabilities during development is the best way for developers to learn about them.

"Thanks for such a fantastic tool and for your support responses"

- Michelle Simpson, Security Consultant, NCC Group

“Burp rules them all. Keep it up. :-)”

- Russ McRee, Principal Security PM Lead, Microsoft

"Burp is my go-to tool for testing web applications. It's best in class! Can't wait to see what the future holds."

- Kevin Johnson, CEO, Secure Ideas


Stories from the Daily Swig about secure development

CVE board looks ahead to the next 20 years of vulnerability identification

16 May 2018: As the number of entries in the CVE database surpasses the 100,000 mark, board members Chris Levendis and Kent Landfield take stock of the program’s journey to becoming the world’s de facto vulnerability identification standard.

A direct hit on anti-censorship?

04 May 2018: Google and Amazon move to end domain fronting.

IoT encryption: ‘Lightweight’ does not mean ‘easy-to-break’

02 May 2018: NIST’s Kerry McKay discusses the agency’s recent call for new cryptographic standards to protect web-enabled devices.

Microsoft’s lethargic Tuesday

17 April 2018: Security patch timeline comes under scrutiny.

Talking cyber to the board: ‘Above all, they don’t want jargon’

11 April 2018: Today’s security specialists need to be both cyber experts and cyber translators, according to Joanna Place, deputy governor and chief operating officer of the Bank of England.

SAML vulnerability abuses SSO to impersonate other users

01 March 2018: A flaw within the Security Assertion Markup Language standard can be exploited to enable hackers to pose as someone else.

Slave to the algorithm

26 February 2018: GitHub removes legacy cryptographic standards.

Google rolls out adblocker for Chrome

16 February 2018: Built-in browser feature aims to tackle annoying and intrusive ads.