login

Burp Suite, the leading toolkit for web application security testing

Burp Scanner Documentation

Burp Scanner is a tool for automatically finding security vulnerabilities in web applications. It is designed to support penetration testers and fits closely into Burp's user-driven testing workflow.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Thursday, September 8, 2016

1.7.06

This release introduces a new scan check for second-order SQL injection vulnerabilities. In situations where Burp observes stored user input being returned in a response, Burp Scanner now performs its usual logic for detecting SQL injection, with payloads supplied at the input submission point, and evidence for a vulnerability detected at the input retrieval point.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.