Burp Suite User Forum

Burp Suite Scan Audit (SQLi)

James | Last updated: Jun 14, 2024 02:57PM UTC

Does Burp Suite Scan Audit use SAFE SQLi payloads when scanning the target app? I would just like to make sure. Thanks.

Josh, PortSwigger Agent | Last updated: Jun 17, 2024 09:40AM UTC

Hi James, not necessarily. Burp sends all types of payloads to your application when it tries to detect SQL injection. Depending on how your application handles this, it may be possible that these payloads take down the application or harm the database. If you have a dev application you can scan against, you may find it helpful to run a scan against that first to see the sort of payloads we'll send.
