Title: WebInspect vs Burp Suite Pro??
Post by: blueaxis on May 07, 2012, 09:48:53 AM
Can someone familiar with these products summarize how these 2 products compare?
My understanding was that WebInspect is heavily used for automated testing but then I also notice that Burp Pro has the scanner option which appears to do the same thing.
Title: Re: WebInspect vs Burp Suite Pro??
Post by: j0rDy on May 08, 2012, 01:48:21 AM
I am not familiar with WebInspect, but i use burp pro every day, and the more i rely on it, the more features i discover (even after multiple years of use).
It is so much more than only a proxy. You can actively or passively scan webapplications, compare requests, use the intruder to perform brute forcing, it even has a compare function for sessions to check for randomness in the received session identifier. Heck, it even helps you spider the website, and if you use the active scanner it will find sql injections, xss, path traversals etc. so you can even use it as an automated tool.