Website vulnerability scanning_

Audit security fast with the world's most widely used vulnerability scanner

What is website vulnerability scanning?

Website vulnerability scanning is the fastest way to find holes in a site's security. Defenders can run automated scans regularly - allowing them to fix problems as they appear. This is important given the fast-moving nature of cybersecurity. Without vulnerability scanning, it can be very hard to keep up and stay compliant / avoid a data breach.

To do all this, defenders use a piece of software called a web vulnerability scanner. Vulnerability scanners are much more efficient than manual testing, and the best tools will flag all but the most exotic bugs. The vulnerability scanner at the heart of Burp Suite Professional and Burp Suite Enterprise Edition is one such tool.

Why do you need a vulnerability scanner?

Data protection regulation is on the increase. The potential fallout from a data breach is worse than ever before. And yet poor security awareness means websites are often built with flaws - leaving them at risk of cyber-attack. By vulnerability testing using software like Burp Suite, you can cut that risk dramatically.

Even expert penetration testers benefit from using vulnerability scanners. Humans simply cannot examine a website as fast and in as much detail as a computer can. And using a scanner will provide an overview of a site's security in short order. This leaves the pentester free to use their skills to probe for esoteric flaws.

Why vulnerability scanner
Burp Suite difference

The Burp Suite difference

With over 40,000 users, Burp Suite is the world's most widely used web vulnerability scanner. Security professionals, organizations, and development teams all rely on PortSwigger to give them cutting-edge vulnerability awareness. Our scanner reflects this - and leads the market from the front.

A case in point was our groundbreaking OAST (out-of-band application security testing) technique. On its introduction, this feature enabled Burp Suite to see bugs that were completely invisible to other scanners. We believe PortSwigger's research is second to none - and Burp Suite's success is testament to this.

What can Burp web vulnerability scanner do?

Our scanner can use both passive and active methods to test the security of a site. The more aggressive of these methods - active scanning - will actually simulate an attack in order to find vulnerabilities. Burp Suite allows you to tailor scans to your own needs - whether you need a quick and unobtrusive method or a more in-depth view of security.

Our scanner covers the OWASP Top 10 in its entirety. This includes common bugs such as cross-site scripting (XSS) and SQL injection. But Burp goes further than this - detecting a whole host of other vulnerabilities. HTTP request smuggling is a recent example of this and builds heavily on PortSwigger research.

Burp vulnerability scanner

How to choose your vulnerability scanning software

Because there are many uses for a web vulnerability scanner, they tend to come packaged in different ways. PortSwigger, for instance, produces both Burp Suite Professional and Burp Suite Enterprise Edition. Both contain the Burp web vulnerability scanner, but they are very different pieces of software.

Burp Suite Professional is an advanced toolkit for bug bounty hunters and penetration testers. Burp Suite Enterprise Edition is a scalable automated scanner for organizations and development teams. As you can see, a wide variety of organizations choose Burp for their protection:

Amazon Google Walmart FedEx AXA Microsoft Salesforce Bank of America Samsung