Burp Scanner is a tool for automatically finding security vulnerabilities in web applications. It is designed to support penetration testers and fits closely into Burp's user-driven testing workflow.
Use the links below for help about Burp Scanner:
Get help and join the community discussions at the Burp Suite Support Center.
This release introduces a new scan check for second-order SQL injection vulnerabilities. In situations where Burp observes stored user input being returned in a response, Burp Scanner now performs its usual logic for detecting SQL injection, with payloads supplied at the input submission point, and evidence for a vulnerability detected at the input retrieval point.