One of the things I was unable to find was the reporting feature. Previous versions of the professional edition had the ability to export scan results to HTML. I'm currently using Burp Suite enterprise v1.0.01 and professional v2.0.02 and have been unable to find this as an option.

I say this because now users can have as many agents as required for running parallel tasks across their enterprise. This is a massive step forward by PortSwigger which aims to transform the tool from a simple standalone executable to something that can be distributed and scaled across an enterprise where needed. This also allows for the programmatic approach that is often lacking in a CI/CD deployment pipeline - the ability to schedule and perform scans on code-push, and have the build break if the findings exceed a particular threshold (e.g., a high or critical vulnerability was detected with high confidence).

One of the drawbacks I found with Enterprise was the agent failing and giving no information as to why. This is a shame because on the same target host, when running the professional edition, no such issues exist. My hope is that this will be addressed in new iterations.

I believe they are on the right track with their objectives in making the tool more CI/CD friendly with the introduction of the API and agent-based workers. It feels like the project is in its infancy when compared with other enterprise offerings, but the groundwork has been laid for what could be a game-changing move from PortSwigger. I'll continue to use the professional edition in my work given the breadth of features which are obviously lacking in the enterprise version, and the stability provided by the standalone tool.

Burp's new REST API

It'll be interesting to see new features rolled out in Enterprise over the next few months so watch this space for another write-up!