Burp Suite is a graphical tool for testing Web application security. The tool is composed in Java and created by PortSwigger Security.
Burp Scanner is composed by industry-driving penetration testers. Burp Scanner incorporates a full static code investigation engine for the discovery of security vulnerabilities.
Burp’s scanning logic is persistently refreshed with upgrades to guarantee it can locate the most recent vulnerabilities.
This release adds support for 5 new Vulnerabilities
CSS injection vulnerabilities emerge when an application imports a template from a client provided URL, or implants client input in CSS hinders without sufficient escaping.
They are firmly correlated with cross-site scripting (XSS) vulnerabilities however regularly trickier to abuse it.
Link manipulation happens once associated application embeds user input into the trail or domain of URLs that seem at intervals application responses.
An attacker can use this vulnerability to construct a link that, if visited by another application user, can modify the target of URLs at intervals the response.
It’s going to be potential to leverage this to perform varied attacks, such as:
Client-side protocol parameter pollution (HPP) vulnerabilities arise once associated application embeds user input in URLs in an unsafe manner.
An attacker will use this vulnerability to construct a universal resource locator that, if visited by another application user, can modify URLs at intervals the response by inserting extra question string parameters and typically predominate existing ones.
This might lead to links and forms having sudden facet effects. The security impact of this issue depends for the most part on the character of the appliance practicality.
Form action hijacking vulnerabilities arise once application places user-supplied input into the action URL of an HTML form.
An attacker will use this vulnerability to construct an URL that, if visited by another application user, can modify the action address of a kind to purpose to the attacker’s server.
If a user submits the form then its contents, together with any input from the victim user, are going to be delivered to the attacker server.
Even if the user does not enter any sensitive info, the form should still deliver a legitimate CSRF token to the attacker, allowing them to perform CSRF attacks.
Open redirection vulnerabilities emerge when an application joins client controllable information into the target of a redirection in a dangerous way.
An attacker can develop a URL inside the application that makes a redirection to an arbitrary external domain. This conduct can be utilized to encourage phishing assaults against clients of the application.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…