The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Secure Coding Testing

Kabilan | Last updated: Sep 13, 2021 08:32AM UTC

Hi Team, Please confirm whether secure coding testing is possible using the Burp Suite tool with the current license. Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 08:54AM UTC

Hi Kabilan, Thank you for your message. Secure code testing is a broad topic. Can you clarify what you mean, please?

If you are referring to DAST, the Burp Scanner offers this (included in the product). For SAST, this is limited to client-side JavaScript.

- https://portswigger.net/burp/application-security-testing/dast

If you are referring to CI/CD integration, Burp Suite Enterprise is a more suitable product, so I would encourage you to complete a free trial:

- https://portswigger.net/burp/enterprise/trial
- https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd

Please let me know if you have any further questions.

Best Regards,
Uthman Eqbal
Technical Product Specialist
PortSwigger

Kabilan | Last updated: Sep 13, 2021 10:02AM UTC

Hi Team, I am referring to SAST, to check the application source code, byte code, and binaries for coding and design conditions that are indicative of security vulnerabilities. Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 10:11AM UTC

Hi Kabilan, Thanks for clarifying that :)

The only SAST the scanner does is on client-side JavaScript. You can find out more information below:

- https://portswigger.net/burp/documentation/scanner/auditing#javascript-analysis

To test bytecode, you can use the Infiltrator:

- https://portswigger.net/burp/documentation/infiltrator

The focus of our scanner is DAST, so it may be worth using this alongside a tool that is focused on SAST (e.g. SonarQube).

Kabilan | Last updated: Sep 14, 2021 05:22AM UTC

Hi Team, Is it possible to show a demo of SAST and DAST scanning, mainly source code review? Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 14, 2021 08:33AM UTC

Hi Kabilan, We do not offer product demos/walkthroughs, unfortunately. The best way to understand how well Pro fits your use case is by completing a free trial and running some scans.

It looks like you already have some licenses, so it may be beneficial to check out the resources below:

- https://www.youtube.com/playlist?list=PLoX0sUafNGbH9bmbIANk3D50FNUmuJIF3
- https://portswigger.net/burp/documentation/scanner

You can also create a new scan configuration with the static/dynamic analysis techniques disabled individually under JavaScript Analysis in your Auditing scan configuration. If you combine this with enabling the scan checks that only use JavaScript analysis, you can use the Logger to see what the scanner is doing.

If you have any further issues or questions, please feel free to email support@portswigger.net

Kabilan | Last updated: Sep 14, 2021 10:45AM UTC

Hi Team, What are the use cases available for Burp Suite Pro? Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 14, 2021 01:32PM UTC