Burp Suite User Forum

Security standards

Vivek | Last updated: Nov 23, 2018 11:48AM UTC

Are the vulnerabilities identified classified to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 top 10 vulnerabilities?

Liam, PortSwigger Agent | Last updated: Nov 23, 2018 11:52AM UTC

Vivek, Burp classifies issues with CWE where appropriate, e.g. https://portswigger.net/kb/issues/00100100_os-command-injection

Yes, Burp can test for all of the vulnerability types listed in the 2017 OWASP top ten. It's worth noting that A10 (Insufficient logging and monitoring) isn't really a vulnerability type, although you could use Burp to test whether attacks trigger your monitoring system.
