Burp Suite User Forum

Security standards

Vivek | Last updated: Nov 23, 2018 11:48AM UTC

Are the vulnerabilities identified classified to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 top 10 vulnerabilities?

Liam, PortSwigger Agent | Last updated: Nov 23, 2018 11:52AM UTC

Vivek, Burp classifies issues with CWE where appropriate, e.g. https://portswigger.net/kb/issues/00100100_os-command-injection

Yes, Burp can test for all of the vulnerability types listed in the 2017 OWASP top ten. It's worth noting that A10 (Insufficient logging and monitoring) isn't really a vulnerability type, although you could use Burp to test whether attacks trigger your monitoring system.