1. Support Center
  2. BApp Store
  3. Autowasp

Autowasp

Autowasp, a Burp Suite extension that integrates Burp issues logging, with OWASP Web Security Testing Guide (WSTG), to provide a streamlined web security testing flow for the modern-day penetration tester! This tool will guide new penetration testers to understand the best practices of web application security and automate OWASP WSTG checks.

Currently, Autowasp supports the following functionalities:

  • Testing checklist provided by OWASP WSTG
  • Logger tool giving penetration testers the ability to extract and consolidate Burp Scanner issues and Proxy/Repeater/Intruder logs.
  • Map flagged issues to checklist and generate into excel file

A general testing workflow using Autowasp would include the following steps:

  1. Display the OWASP checklist in Autowasp for reference.
  2. Add the target URL to Scope. The scope function will extract related results from Burp Scanner and listen for insecure web request and responses.
  3. Map the scan issues to specific test cases in the checklist. OR
  4. Manually explore the website's pages, then click Enable Burp Scanner Logging to display the scanner issues under the Logger tab.
  5. Map findings to the checklist.
  6. Insert security observations and evidence associated with the logs.
  7. Generate a report containing the checklist, logs, evidence, and comments.
Author GovTech (Thomas Lim)
Version 1.0.1
Rating
Popularity
Last updated 13 April 2021

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Download BApp

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore