ENTERPRISE

4. Analyze your scan's results

  • Last updated: September 9, 2021

  • Read time: 3 Minutes

In this tutorial, we'll show you how to use the dashboards and analytics features to interpret the results of your scan and begin taking steps to resolve any issues.

Step 1: Get a summary of your site's security posture

Select your scan and go to the Overview tab. This contains various charts that give you a quick snapshot of how secure your site is. If your scan is still running, these will be updated in real time as more vulnerabilities are detected.

Burp Suite Enterprise Edition's Overview screen

Step 2: Look at the identified issues

Go to the Issues tab to see a list of all security issues that have been identified by the scan so far. These are color-coded based on the estimated severity of the issue.

Issues are grouped by type. You can expand each issue type to see all of the URLs where it was detected.

Burp Suite Enterprise Edition's Issues view

Step 3: Filter the issues list

When faced with a large number of issues, you'll want to prioritize. Use the buttons at the top of the list to apply filters so that only issues with a High severity and Certain confidence rating are displayed.

Filtering an issues list in Burp Suite Enterprise Edition

Note

The confidence level is determined by the inherent accuracy of the techniques used to detect each type of issue. Issues with a lower confidence level may require manual confirmation.

Step 4: Get more information about the issue

Select one of the URLs where Cross-site scripting (reflected) was detected.

The Advisory tab provides information to help you understand what the problem is and what actions you can take to resolve the issue. In some cases, you'll find links to the Web Security Academy, where you can practice exploiting the issue yourself on a series of deliberately vulnerable websites.

Vulnerability information and remediation advice as seen in Burp Suite Enterprise Edition

Step 5: Examine the evidence

Additional tabs display the evidence that Burp Scanner has found for the issue. What kind of evidence is available depends on the issue type. In this case, you can see tabs containing snippets of the relevant HTTP request and response.

Open the request and notice the proof-of-concept payload that Burp Scanner sent to your site. This is highlighted in red.

A HTTP request shown in Burp Suite Enterprise Edition, with XSS payload highlighted

Open the response and observe that this payload was reflected in the returned HTML content, potentially enabling an attacker to execute arbitrary JavaScript in another user's browser.

Step 6: Exclude false positives

After manually reviewing a reported issue, you may decide that it is, in fact, a false positive. Once the scan has finished running, select any issue, then click Mark as false positive.

You are prompted to apply this change to similar issues found elsewhere on the site, but for now, just accept the default setting.

Marking an issue as a false positive in Burp Suite Enterprise Edition

Step 7: Report your findings

You'll often want to report the results of your scan to other stakeholders who don't have access to Burp Suite Enterprise Edition. For example, you need to pass details of any findings to your development teams so that they can work on a fix.

Go back to the scan and open the Reporting & logs tab. Download a detailed report, including high and medium severity issues, with false positives excluded.

Downloading a custom report in Burp Suite Enterprise Edition

Working with scan results

If you'd like to learn more about working with scan results, check out the following video for a guided tour of the basics:

Next step - Continue learning about Burp Suite Enterprise Edition

CONTINUE

In this tutorial

  1. On-premise deployment
  2. Run your first scan
  3. Analyze scan results