Repeated scans finding new vulnerabilities not found in previous scans

Mark | Last updated: May 13, 2022 05:55PM UTC

The team I am currently working with has been executing a series of scans on the system. For the most part we have had very little trouble identifying and fixing any errors that are found. Where my concerns and questions arise is in the stage where I am re-running scans after fixing issues in order to obtain a clean report. We were able to get high-priority issues under 5, but after fixing those issues and re-running another scan there were another 11 found that have not been seen in any of the previous 6 scans completed. I do not understand how or why, when there are the same number of requests sent and locations discovered, there are issues showing up that were not found before. This is a bit of an issue because in the end we need a clean scan result. Are there any ways to alleviate this short of fixing the issues, running another, fixing the issues, running another... until it just returns a clean result?

Michelle, PortSwigger Agent | Last updated: May 16, 2022 08:47AM UTC

Thanks for your message. Without seeing more details of the scans and any details reported in the event log for each scan, it's hard to say whether the new issues appeared as a result of the changes made or whether they were there originally but errors or timeouts prevented Burp from finding them on the initial scan. To be sure of getting a clean result, it is worth re-running the scan using a new project file.
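One way to turn the "new, or previously missed?" question into something checkable is to diff the issue exports of consecutive scans keyed by issue type, host and path, rather than comparing totals. The script below is an added example, not PortSwigger's code and not anything from the original thread; it assumes the layout of Burp's XML issue export (an `<issues>` root with one `<issue>` per finding carrying `<type>`, `<name>`, `<host>`, `<path>`, `<severity>` and `<confidence>`), and both reports in it are constructed sample data with illustrative type numbers.

```python
"""Diff two Burp Scanner XML issue exports: which findings are new, which were
fixed, and which carried over. Added example, not PortSwigger's code.
Element names follow Burp's XML issue export (assumed layout); the two
reports built below are constructed samples, not real scan output."""

import xml.etree.ElementTree as ET
from collections import Counter


def make_report(rows):
    """Build a minimal report in the assumed Burp XML export layout from
    (type, name, host, path, severity, confidence) rows. Used only to
    construct sample data for this example."""
    items = "".join(
        f"<issue><serialNumber>{i}</serialNumber><type>{t}</type><name>{n}</name>"
        f"<host ip='10.0.0.5'>{h}</host><path>{p}</path>"
        f"<severity>{s}</severity><confidence>{c}</confidence></issue>"
        for i, (t, n, h, p, s, c) in enumerate(rows, 1)
    )
    return f"<issues>{items}</issues>"


# Constructed sample: the earlier scan. Type numbers are illustrative.
PREVIOUS_SCAN = make_report([
    ("2097920", "Cross-site scripting (reflected)", "https://app.example", "/search", "High", "Certain"),
    ("1049088", "SQL injection", "https://app.example", "/login", "High", "Firm"),
    ("16777472", "Strict transport security not enforced", "https://app.example", "/", "Low", "Certain"),
])

# Constructed sample: the re-run after fixing /search. One High is gone,
# one High and one Low appear on paths the previous report never flagged.
CURRENT_SCAN = make_report([
    ("1049088", "SQL injection", "https://app.example", "/login", "High", "Firm"),
    ("16777472", "Strict transport security not enforced", "https://app.example", "/", "Low", "Certain"),
    ("2097920", "Cross-site scripting (reflected)", "https://app.example", "/profile", "High", "Tentative"),
    ("5243392", "Open redirection (reflected)", "https://app.example", "/logout", "Low", "Firm"),
])


def load_issues(xml_text):
    """Map (type, host, path) -> issue fields for every <issue> in a report.
    Serial numbers are deliberately ignored: they differ between scans even
    for the same finding, so they are useless as a comparison key."""
    issues = {}
    for issue in ET.fromstring(xml_text).iter("issue"):
        key = (issue.findtext("type"), issue.findtext("host"), issue.findtext("path"))
        issues[key] = {
            "name": issue.findtext("name"),
            "severity": issue.findtext("severity"),
            "confidence": issue.findtext("confidence"),
        }
    return issues


def diff_issues(prev_xml, curr_xml):
    """Classify findings as new (only in the current scan), fixed (only in
    the previous scan) or unchanged (in both). Keys are sorted for stable output."""
    prev, curr = load_issues(prev_xml), load_issues(curr_xml)
    return {
        "new": sorted(k for k in curr if k not in prev),
        "fixed": sorted(k for k in prev if k not in curr),
        "unchanged": sorted(k for k in curr if k in prev),
    }


def severity_counts(xml_text):
    """Count findings per severity, e.g. to track a 'fewer than 5 High' target."""
    return Counter(v["severity"] for v in load_issues(xml_text).values())


def describe(prev_xml, curr_xml):
    """Human-readable diff lines: '<bucket> <severity> <name> at <host><path>'."""
    curr, prev = load_issues(curr_xml), load_issues(prev_xml)
    lines = []
    for bucket, keys in diff_issues(prev_xml, curr_xml).items():
        source = prev if bucket == "fixed" else curr
        for t, host, path in keys:
            meta = source[(t, host, path)]
            lines.append(f"{bucket:9} {meta['severity']:5} {meta['name']} at {host}{path}")
    return lines


if __name__ == "__main__":
    for line in describe(PREVIOUS_SCAN, CURRENT_SCAN):
        print(line)
    print("current severities:", dict(severity_counts(CURRENT_SCAN)))
```

Run it against the real exports of scan N and scan N+1 instead of the embedded samples. A finding that lands in the "new" bucket on a path whose code did not change between the two scans is exactly the case the reply above describes: check that scan's event log for errors or timeouts on that location before treating it as a regression. Keying on (type, host, path) merges findings that differ only by parameter; include `<location>` in the key if you need that granularity.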

