We take on the challenges of securing the internet in the face of sophisticated and tenacious attackers. There is no shortage of interesting, complex problems to solve.
Alex B, Technical Product Manager, Burp Scanner
Burp Scanner is a key component of Burp Suite. The Scanner crawls through a website, building an accurate picture of the target and cutting through obstacles such as stateful functionality and CSRF tokens by harnessing Chromium's support for modern web technologies.
The Scanner then performs a highly configurable audit on the mapped target, exposing any issues found and categorizing them using a huge list of known vulnerabilities.
Auditing a target requires building an accurate graph of it. Building an accurate picture of the paths through a complex website is a challenging mathematical problem. A key challenge for the team is solving this problem while using a reasonable amount of computational resources.
The Internet is a dizzyingly vast and complex place. The Scanner has to ingest everything the Internet has to offer, no matter how new or badly written. The team often has to write custom parsers to keep the Scanner current.
The Scanner relies heavily on the world-class output of the Research team in detecting and defining new vulnerabilities to look for. The team needs to keep current on the issues that emerge from the less salubrious parts of the web.
The Burp Scanner is written in core Java, with native integration with the Chromium browser using the DevTools protocol.
The tools we use in developing the Scanner include: IntelliJ IDEA, JUnit, Mockito, git, Gradle, TeamCity, Docker, and various AWS services.
We are a diverse group of people with a wide range of interests and backgrounds. What Swiggers have in common is that they all love their work and are exceptionally good at what they do.
Jess H, Journalist
Mike S, Software Developer
Mohamed H, Software Developer