Burp Scanner is a tool that automates the search for weaknesses in a running application. Scanner attempts to find security vulnerabilities based on the behavior of the application.
Scanner identifies indicators that may point to a security vulnerability. Burp Scanner is extremely reliable; however, it is the responsibility of the pentester to validate any findings prior to reporting.
There are two scanning modes available in Burp Scanner:
- Passive scanner: Analyzes traffic passing through the proxy listener. This is why it's so important to properly configure your target scope so that you aren't scanning ...