Accelerate your work

Burp’s efficient testing workflow lets you find key vulnerabilities quickly.

You have full visibility and control of every action that Burp performs, letting you quickly find and probe the most promising attack surface.

Uncover invisible security flaws using Burp Collaborator

Burp’s unique out-of-band technology can reveal serious vulnerabilities that are impossible to detect using conventional means.

Burp sends payloads designed to trigger network interactions with the external Burp Collaborator server, allowing detection of numerous hidden vulnerabilities.

Burp has payloads aimed at finding numerous categories of vulnerabilities, including SQL injection, OS command injection, and blind cross-site scripting. These can detect completely invisible vulnerabilities where there is no error message or other evidence in the application's responses, and where it is not even possible to cause a time delay.

Vulnerabilities that are triggered after scanning is completed can even be reported retrospectively, when the interaction eventually occurs.


"Thanks for such a fantastic tool and for your support responses"

- Michelle Simpson, Security Consultant, NCC Group

“Burp rules them all. Keep it up. :-)”

- Russ McRee, Principal Security PM Lead, Microsoft

"Burp is my go-to tool for testing web applications. It's best in class! Can't wait to see what the future holds."

- Kevin Johnson, CEO, Secure Ideas


Stories from The Daily Swig about web security testing

Remote code execution bug resolved in D-Link storage device

19 September 2019: Newly-disclosed vulnerability awarded highest possible CVSS severity rating

Alarm over zero-day cross-site request forgery in phpMyAdmin

17 September 2019: Clicking on the wrong hyperlink could let attackers delete servers

LastPass updates browser add-on to defend against clickjacking threat

16 September 2019: Users tricked into disclosing credentials

#SocialSec – w/e 13 Sept

13 September 2019: Hot takes on this week’s biggest cybersecurity news

The end is nigh: Browser-makers ditch support for aging TLS protocols

13 September 2019: Website owners have roughly six months to upgrade or risk disruption to domain access

IoT insecurity blamed for massive increase in malicious web traffic

12 September 2019: F-Secure reports almost 3bn attacks against honeypot servers in first six months of 2019

E-voting intrusion test

11 September 2019: Swiss Post bug bounty moderator tallies submissions

DoS vulnerabilities found in popular Netgear router

10 September 2019: DoS security flaws can be exploited via crafted SOAP and HTTP requests