Burp Suite User Forum

Secure Coding Testing

Kabilan | Last updated: Sep 13, 2021 08:32AM UTC

Hi Team, Please confirm whether secure coding testing is possible using the Burp Suite tool with the current license. Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 08:54AM UTC

Hi Kabilan, Thank you for your message. Secure code testing is a broad topic. Can you clarify what you mean, please?

If you are referring to DAST, the Burp Scanner offers this (included in the product). For SAST, this is limited to client-side JavaScript.
- https://portswigger.net/burp/application-security-testing/dast

If you are referring to CI/CD integration, Burp Suite Enterprise is a more suitable product, so I would encourage you to complete a free trial:
- https://portswigger.net/burp/enterprise/trial
- https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd

Please let me know if you have any further questions.

Best Regards,
Uthman Eqbal
Technical Product Specialist
PortSwigger

Kabilan | Last updated: Sep 13, 2021 10:02AM UTC

Hi Team, I am referring to SAST, to check the application source code, byte code, and binaries for coding and design conditions that are indicative of security vulnerabilities. Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 10:11AM UTC

Hi Kabilan, Thanks for clarifying that :) The only SAST the scanner does is on client-side JavaScript. You can find out more information below:
- https://portswigger.net/burp/documentation/scanner/auditing#javascript-analysis

To test bytecode, you can use the Infiltrator:
- https://portswigger.net/burp/documentation/infiltrator

The focus of our scanner is DAST, so it may be worth using this alongside a tool that is focused on SAST (e.g. SonarQube).

Kabilan | Last updated: Sep 14, 2021 05:22AM UTC

Hi Team, Is it possible to show a demo of the SAST and DAST scans, mainly source code review? Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 14, 2021 08:33AM UTC

Hi Kabilan, We do not offer product demos/walkthroughs, unfortunately. The best way to understand how well Pro fits your use case is by completing a free trial and running some scans. It looks like you already have some licenses, so it may be beneficial to check out the resources below:
- https://www.youtube.com/playlist?list=PLoX0sUafNGbH9bmbIANk3D50FNUmuJIF3
- https://portswigger.net/burp/documentation/scanner

You can also create a new scan configuration with the static/dynamic analysis techniques disabled individually under JavaScript Analysis in your Auditing scan configuration. If you combine this with enabling the scan checks that only use JavaScript analysis, you can use the Logger to see what the scanner is doing.

If you have any further issues or questions, please feel free to email support@portswigger.net

Kabilan | Last updated: Sep 14, 2021 10:45AM UTC

Hi Team, What are the use cases available for Burp Suite Pro? Regards, Kabilan.

Uthman, PortSwigger Agent | Last updated: Sep 14, 2021 01:32PM UTC

You can find out further information in the product documentation:
- https://portswigger.net/burp/documentation/desktop

Essentially, you have access to an array of tools to help you with both manual and automatic web application security testing. The scanner is more relevant for your use case since you are focused on the SAST/DAST element of the product.