PROFESSIONAL

Issues

  • Last updated: October 20, 2023

The Issues tab displays any issues that Burp Scanner finds during a task or scan.

Note

Each issue is only recorded the first time it is found.

The Issues table enables you to:

  • Monitor scan results.
  • Review new issues as they are reported.
  • Assign confidence and severity levels to issues.
  • Report and delete issues.

Each item in the Issues table contains the following details:

  • Time - The time that the issue was found.
  • Source - The task that found the issue.
  • Issue type - The issue type.
  • Host - The host server for the issue.
  • Path - Where applicable, the URL path to the issue location.
  • Insertion point - Where applicable, the type of insertion point used in the request that found the issue.
  • Severity - High, medium, low, or information.
  • Confidence - Tentative, firm, or certain.
  • Comment - Any user-applied comment. Double-click this field to add a comment.

Analyzing issue activity

To filter the Issues table, use the buttons at the top of the tab. You can filter using the following conditions:

  • Severity.

  • Confidence.

  • Type of check, selected from the following:

    • BChecks.
    • Scan checks.
    • Extensions.

To filter the issues by a specific term, use the Search bar.

Select an issue to view further information on it in the panel below the table. The following tabs are available:

  • Advisory - A summary of the issue. This contains a description of the issue and remediation advice.

  • Request - This tab is displayed if the issue was triggered by a request payload. It highlights the payload that triggered the issue.

  • Response - This tab is displayed if the issue was reflected in a response. It highlights the issue location.

  • Path to issue - This tab is displayed if the issue was triggered by a request payload. It displays the actions taken by Burp Scanner that led to the request being sent.

Managing issues

Right-click an issue to perform further actions:

  • Add comment - Add a comment to the item.

  • Highlight - Apply a highlight color to the item.

  • Set severity - Reassign the issue's severity level. You can flag the issue as a false positive.

  • Set confidence - Reassign the issue's confidence level.

  • Delete issue - Delete selected issues from the table.

  • Report selected issues - Generate a report of selected issues. For more information, see Reporting scan results.

If you reassign the severity or confidence level, or capture additional evidence for the issue, then the issue is displayed with its updated details. To restore the original details, right-click an issue and select Restore original value from the context menu.

Related pages

  • Auditing - Gives detailed information on the auditing process, including issue types.
  • Target scope - Gives detailed information on how to set a target scope.
