WIP React form handling - Work is progressing on improving the way Burp Scanner handles forms when scanning single page applications (SPAs) built on React. This will enable you to create custom scan checks more easily (without writing a BApp extension).

WIP Declarative scan checks - Work is progressing on a new framework to add scan checks to Burp Scanner using a simplified language we've created specifically for this purpose. This improves scanning of applications that make heavy use of client-side JavaScript for navigation, and lays a strong foundation for further development of the scanner. This enables you to run authenticated scans on websites with login mechanisms that require you to interact with popups, such as Microsoft and Amazon's SSO services.

Done Revamped browser powered scanning - The 2022.12.4 release fundamentally changed the way that Burp Scanner navigates using its built-in browser. Over the next six months, you'll see Burp Scanner gain yet more automated capability - and an exciting new way to customize your scans.

Done Support for popups in recorded login sequences - The 2022.12.4 release added support for recorded login sequences that open new windows or tabs. It enables tens of thousands of users to scan the modern web both efficiently and effectively.

But PortSwigger isn't exactly known for resting on its laurels, and the first half of 2023 is looking good for Burp Scanner users in terms of releases. Burp Scanner

Burp Scanner is used in Burp Suite Enterprise Edition, Burp Suite Professional, and now (to a slightly more limited extent) in our free CI/CD product, Dastardly. And this can mean only one thing - it's time to update you on the changes we've got in store for Burp Suite over the next six months.

But this edition of the Burp roadmap also comes with a slight caveat - because this year we can neither confirm nor deny that we may also have a few surprises up our collective sleeves.
Please see our July 2023 roadmap update.

Believe it or not, it's January once again. This is more complex to set up.

For more information, see Using plugins for CI/CD platform integration. The roadmap shown here is out of date. This method triggers a scan to run in the Burp Suite Enterprise Edition environment. We still provide documentation for these plugins for now, to support existing users. Our legacy solution was to provide plugins for both Jenkins and TeamCity. The results of your scans are saved as a JUnit XML file in your CI/CD environment.

For more information, see Integrating CI-driven scans with no dashboard. If you don't need access to the Burp Suite Enterprise Edition dashboard, then this option is the easiest to set up. You can also run Burp Scanner from a Docker container in your CI/CD environment without the need to set up a Burp Suite Enterprise Edition server. You can run this option on any platform that supports Docker containers, including Jenkins, TeamCity, and GitHub Actions.

For more information, see Integrating CI-driven scans. You can view the results of your scans in your CI/CD environment, or in the Burp Suite Enterprise Edition dashboard. The scan results are saved as a JUnit or Burp XML file. It requires you to set up a Burp Suite Enterprise Edition server. This is an easy way to integrate Burp Suite Enterprise Edition with your CI/CD platform. We also have documents for our legacy solution that used plugins.

CI-driven scans enable you to run Burp Scanner from a Docker container in your CI/CD environment. You can use Burp Suite Enterprise Edition to run CI-driven scans on your CI/CD platform.

ENTERPRISE Integrating with CI/CD platforms.