Burp’s efficient testing workflow lets you find key vulnerabilities quickly.
You have full visibility and control of every action that Burp performs, letting you quickly find and probe the most promising attack surface.
Burp’s unique out-of-band technology can reveal serious vulnerabilities that are impossible to detect using conventional means.
Burp sends payloads designed to trigger network interactions with the external Burp Collaborator server, allowing detection of numerous hidden vulnerabilities.
Burp has payloads aimed at finding numerous categories of vulnerabilities, including SQL injection, OS command injection, and blind cross-site scripting. These can detect completely invisible vulnerabilities where there is no error message or other evidence in the application's responses, and where it is not even possible to cause a time delay.
Vulnerabilities that are triggered after scanning is completed can even be reported retrospectively, when the interaction eventually occurs.
"Thanks for such a fantastic tool and for your support responses"
- Michelle Simpson, Security Consultant, NCC Group
"Burp rules them all. Keep it up. :-)"
- Russ McRee, Principal Security PM Lead, Microsoft
"Burp is my go-to tool for testing web applications. It's best in class! Can't wait to see what the future holds."
- Kevin Johnson, CEO, Secure Ideas