.

Burp Suite v1.2.15 Released

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Aug 19, 2009 5:09 pm

Burp Suite v1.2.15 Released


1. Burp Scanner now checks for a few new issues:

XML external entity injection

Server-side XML / SOAP injection

Vulnerable Flash cross-domain policies

2. IBurpExtenderCallbacks gets a new method:

public IScanIssue[] getScanIssues(String urlPrefix);

This method returns all of the current scan issues for URLs matching the specified literal prefix. The prefix can be null to match all issues.

3. Previously, Burp Scanner could be configured to skip server-side injection checks for specific parameters. This feature is useful to avoid wasting time testing built-in platform parameters that are unlikely to contain vulnerabilities like SQL injection. Client-side issues like XSS are still checked for because this involves hardly any overhead.

Now, you can also configure Burp Scanner to skip absolutely all tests for specific parameters. This is useful if you know that a parameter is not used by the application, or if changing its value causes problems like session termination:

Image

4. Various bugfixes.



http://releases.portswigger.net/2009/08/v1215.html

Don
CISSP, MCSE, CSTA, Security+ SME
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Sep 06, 2009 9:05 pm

Re: Burp Suite v1.2.15 Released

Sweet! I love Burp.
twitter.com/timmedin | http://blog.securitywhole.com

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software