Scanner: Burp Suite Professional
Version: 1.7.03
Vendor: PortSwigger

Tested Against WAVSEP Version:
1.6

Product Details:
Accurate Version: 1.7.03 (GA)
License / Technology: Commercial / Java 1.7.x
Last Update: 12-05-2016
Other columns: Source Code, Activity

General Features:
Columns: GUI, Config, Usage, Stability, Performance, Report, ScanLog, Pause, Session
Ratings: Very Simple, Very Simple, Very Stable, Very Fast

Authentication, Control and Connection Features:
Columns: Custom Cookie, Custom Header, BASIC, DIGEST, NTLM, NTLMv2, KERBEROS, FORM, PROXY, GZIP, DEFLATE, SSL CERT, Logout Detection, Exclude Logout, Exclude URL, Exclude Param

Coverage Features:
Columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass
COUNT: 9

Input Vector Support:
Columns: GET, POST, COOKIE, HEADER, SECRET, PName, XML, XmlATT, XmlTAG, JSON, .NetENC, AMF, JavaSER, .NetSER, WCF, WCF-Bin, WebSock, DWR, Custom
COUNT: 20

Audit Features:
Columns: SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPAPHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSION FIXATION, CSRF, ADoS
COUNT: 23

Complementary Audit Features:
Columns: WebServer Hardening, CGI Scanning, Dir & File Enumeration, Passive Analysis, Additional Features
Additional Features: Custom Input Vector Support, REST-style URL Parameters Attack Vector, External Plugins Supporting Java Serialized Objects and WCF Binary Manual Testing, Fuzzer (Intruder), Anti CSRF Support via macro configuration, Manual configuration of Logout detection.

The SQL Injection Detection Accuracy of the Scanner:
Detection Rate: 100.00% (136/136)
False Positives: 10.00% (1/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 96.97% (64/66)
False Positives: 0.00% (0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 69.12% (564/816)
False Positives: 12.50% (1/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 85.19% (92/108)
False Positives: 0.00% (0/6)

The WIVET Score of the Scanner:
WIVET Score: 50.00% Detection Rate

Additional Audit Features:
Header Manipulation, Stored DOM Injection, Server Side Template Injection, Clickjacking, Dir/File enumeration via the discover content feature in the sitemap.

Overview:
Custom input vector support is provided via the Intruder custom insertion points (added to the scanner scan queue). File and directory enumeration is enabled by using "discover content" on the context menu of the site map.


Copyright © 2010-2016 by Shay Chen. All rights reserved.