Coming very soon: Dastardly, from Burp Suite
2022-10-27 21:03:30 Author: portswigger.net

Matt Atkinson | 27 October 2022 at 13:03 UTC


New product alert! Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline - and it's going to be landing in the next few days. It'll check your application for seven security issues you care about in ten minutes or less, and it uses Burp Scanner to do it.

Dastardly will enable you to use the tried and trusted scanner from the core of both Burp Suite Enterprise Edition and Burp Suite Professional, at absolutely no cost. It can navigate modern web applications such as single-page applications (SPAs) - which many scanners struggle with - and it brings with it all the accuracy of the dynamic application security testing (DAST) methodology.

Here are the seven issues that Dastardly will check your application for:

       
  1. Cross-site scripting (XSS) (reflected).
  2.    
  3. Cross-origin resource sharing (CORS) issues.
  4.    
  5. Vulnerable JavaScript dependencies.
  6.    
  7. Content type not specified.
  8.    
  9. Multiple content types specified.
  10.    
  11. HTML does not specify charset.
  12.    
  13. Duplicate cookies set.

PortSwigger hand-picked these seven issues because they're likely to be of interest during the early stages of web application development. They're not the 160+ issues that full versions of Burp Scanner can check for, but these seven checks will provide you with fast feedback - and enable you to catch security issues before they become painful to fix.
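Four of the seven checks are pure response-header hygiene, so they are easy to reproduce in a pipeline even before a scanner is wired in. The following is an added example, not PortSwigger's or Dastardly's own code: a small linter that flags a missing content type, multiple content types, HTML without a charset, and duplicate Set-Cookie names, run over constructed HTTP/1.1 responses. How each issue is detected is this example's assumption, not a description of Dastardly's internal logic.

```python
# Added example, not PortSwigger's or Dastardly's code: a minimal linter for four
# of the seven issues listed above, run over a constructed HTTP/1.1 response.
import re


def parse_response(raw):
    # Keep headers as an ordered list so duplicate names survive parsing.
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def check_response(raw):
    """Return the names of the issues found in one response."""
    headers, body = parse_response(raw)
    findings = []
    content_types = [v for n, v in headers if n == "content-type"]
    # An empty body (e.g. 204/304) legitimately has no Content-Type.
    if not content_types and body:
        findings.append("Content type not specified")
    if len(content_types) > 1:
        findings.append("Multiple content types specified")
    for ct in content_types:
        # HTML served without charset leaves the browser to guess the encoding.
        if ct.split(";")[0].strip().lower() == "text/html" and not re.search(
            r";\s*charset=", ct, re.IGNORECASE
        ):
            findings.append("HTML does not specify charset")
            break
    # Same cookie name set twice: the browser keeps only the last value, so the
    # first header's attributes (for example HttpOnly) are silently dropped.
    names = [v.split("=", 1)[0].strip() for n, v in headers if n == "set-cookie"]
    if len(names) != len(set(names)):
        findings.append("Duplicate cookies set")
    return findings


# Constructed sample responses, not captured from any real application.
SAMPLE_NO_TYPE = ("HTTP/1.1 200 OK\r\n"
                  "Set-Cookie: session=abc; Path=/\r\n"
                  "Set-Cookie: session=def; Path=/; HttpOnly\r\n"
                  "\r\n<html><body>hi</body></html>")
SAMPLE_TWO_TYPES = ("HTTP/1.1 200 OK\r\n"
                    "Content-Type: text/html\r\n"
                    "Content-Type: application/json\r\n"
                    "\r\n<html></html>")
```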

Find out more

We'll be releasing Dastardly in the next few days. Follow us on Twitter, and be among the first to know when it drops.

Matt Atkinson


Source: https://portswigger.net/blog/coming-very-soon-dastardly-from-burp-suite