Adding authentication credentials for web app sites enables Burp Scanner to discover and audit content that is only accessible to authenticated users.

This section describes how to generate Standard and Compliance reports. You can send scan summary reports automatically, by email.

When you create a new site, the Scan settings > Scan configuration tab enables you to specify one or more configurations to use to scan the site. You must select a scan configuration in order to be ...

Unzip and run the installer. For Linux, run the installer from the terminal. The wizard opens. Follow the wizard, and enter the authentication token when prompted. Enter the hostname of your instance ...

Burp Suite Enterprise Edition enables you to upload an OpenAPI definition to run a specific API scan. You can add new API definitions at any time. API definitions are managed in the Sites menu. Each ...

You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...

In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later. It combines advanced diffing ...

DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval ...

Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...

GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the introspection feature may be left active, enabling attackers to query the API in order to glean ...

Access control is the application of constraints on who or what is authorized to perform actions or access resources. In the context of web applications, access control is dependent on authentication ...