Autowasp is a Burp Suite extension that integrates Burp issue logging with the OWASP Web Security Testing Guide (WSTG) to provide a streamlined web security testing flow for the modern-day penetration tester. The tool guides new penetration testers through web application security best practices and automates OWASP WSTG checks.
Currently, Autowasp supports the following functionalities:
- A testing checklist based on the OWASP WSTG
- A logger tool that lets penetration testers extract and consolidate Burp Scanner issues and Proxy/Repeater/Intruder logs
- Mapping of flagged issues to the checklist, with export of the result to an Excel file
A general testing workflow using Autowasp would include the following steps:
- Display the OWASP checklist in Autowasp for reference.
- Add the target URL to Scope. The scope function extracts related results from Burp Scanner and listens for insecure web requests and responses.
- Map the scan issues to specific test cases in the checklist; alternatively, manually explore the website's pages, then click Enable Burp Scanner Logging to display the scanner issues under the Logger tab.
- Map findings to the checklist.
- Insert security observations and evidence associated with the logs.
- Generate a report containing the checklist, logs, evidence, and comments.
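The mapping and reporting steps above can be reduced to a small data-processing task: take scanner issues, attribute each to a WSTG test case, attach the tester's observation and evidence, and emit a table. The script below is an added example that is not part of Autowasp or the Burp API. It assumes a constructed list of Burp-style issue records (name, severity, URL, evidence), an illustrative keyword-to-WSTG mapping covering only four WSTG v4.2 test cases, and writes CSV in place of the tool's Excel output so it runs with the standard library only.

```python
"""Map Burp-style scanner issues to OWASP WSTG test cases and build a report.

Added example; not Autowasp's own code. The issue records, the keyword mapping
and the report layout are constructed for illustration.
"""
import csv
import io

# Illustrative subset of WSTG v4.2 test cases (ID -> title); the real checklist is larger.
WSTG_CHECKLIST = {
    "WSTG-INPV-01": "Testing for Reflected Cross Site Scripting",
    "WSTG-INPV-05": "Testing for SQL Injection",
    "WSTG-SESS-02": "Testing for Cookies Attributes",
    "WSTG-CRYP-01": "Testing for Weak Transport Layer Security",
}

# Assumed mapping: a lower-cased Burp issue name that contains the key is attributed
# to the given WSTG test case. Autowasp's actual mapping logic may differ.
ISSUE_KEYWORDS = {
    "cross-site scripting (reflected)": "WSTG-INPV-01",
    "sql injection": "WSTG-INPV-05",
    "cookie without httponly flag": "WSTG-SESS-02",
    "cookie without secure flag": "WSTG-SESS-02",
    "tls certificate": "WSTG-CRYP-01",
    "ssl certificate": "WSTG-CRYP-01",
}

SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample issues in the shape Burp Scanner reports them; not real findings.
SAMPLE_ISSUES = [
    {"name": "SQL injection", "severity": "High",
     "url": "https://target.example/search?q=",
     "evidence": "database error message returned for a quoted parameter value"},
    {"name": "Cross-site scripting (reflected)", "severity": "High",
     "url": "https://target.example/greet?name=",
     "evidence": "parameter value reflected unencoded in the response body"},
    {"name": "Cookie without HttpOnly flag set", "severity": "Low",
     "url": "https://target.example/login",
     "evidence": "Set-Cookie: session=...; Path=/ (no HttpOnly attribute)"},
    {"name": "Frameable response (potential Clickjacking)", "severity": "Info",
     "url": "https://target.example/",
     "evidence": "response lacks X-Frame-Options and frame-ancestors"},
]


def classify_issue(issue_name):
    """Return the WSTG ID for a Burp issue name, or None when no keyword matches."""
    lowered = issue_name.lower()
    for keyword, wstg_id in ISSUE_KEYWORDS.items():
        if keyword in lowered:
            return wstg_id
    return None


def map_issues(issues):
    """Group issues by WSTG test case and collect those matching no checklist item."""
    mapped = {wstg_id: [] for wstg_id in WSTG_CHECKLIST}
    unmapped = []
    for issue in issues:
        wstg_id = classify_issue(issue["name"])
        if wstg_id is None:
            unmapped.append(issue)  # surfaced separately so nothing is silently dropped
        else:
            mapped[wstg_id].append(issue)
    return mapped, unmapped


def build_report(issues, observations=None):
    """One row per checklist item (status, highest severity, evidence, tester note),
    followed by one row per unmapped issue for manual triage."""
    observations = observations or {}  # tester notes keyed by WSTG ID
    mapped, unmapped = map_issues(issues)
    rows = []
    for wstg_id, title in WSTG_CHECKLIST.items():
        hits = mapped[wstg_id]
        severity = max((i["severity"] for i in hits), key=SEVERITY_RANK.get, default="")
        rows.append({
            "WSTG ID": wstg_id,
            "Test case": title,
            "Status": "Finding" if hits else "No scanner finding",
            "Highest severity": severity,
            "Evidence": " | ".join(f'{i["url"]}: {i["evidence"]}' for i in hits),
            "Observation": observations.get(wstg_id, ""),
        })
    for issue in unmapped:
        rows.append({
            "WSTG ID": "",
            "Test case": issue["name"],
            "Status": "Unmapped",
            "Highest severity": issue["severity"],
            "Evidence": f'{issue["url"]}: {issue["evidence"]}',
            "Observation": "Map to a WSTG test case manually",
        })
    return rows


def write_csv(rows):
    """Serialise report rows to CSV text (stands in for the tool's Excel export)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    notes = {"WSTG-INPV-05": "Confirmed manually; see evidence."}
    print(write_csv(build_report(SAMPLE_ISSUES, notes)))
```

Checklist items with no matching scanner issue are labelled "No scanner finding" rather than "Pass", because absence of an automated hit says nothing about whether the tester covered that test case manually; the unmapped bucket keeps issues the keyword table does not recognise visible for review instead of losing them.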
Author: GovTech (Thomas Lim)
Last updated: 13 April 2021
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.