Hi folks,
today I suggest this good read from PortSwigger. They show off the new features of Burp Suite v1.4, including site map comparison.

The first broad area of new functionality in Burp v1.4 is various features to help test access controls. Fully automated tools generally do a terrible job of finding access control vulnerabilities, because they do not understand the meaning or context of the functionality that is being tested. For example, an application might contain two search functions – one that returns extracts from recent news articles, and another that returns sensitive details about registered users. These functions might be syntactically identical – what matters when evaluating them is the purpose of each function and the nature of the information involved. These factors are way beyond the wit of today’s automated tools.

They promised more blog posts on the topic; I am really curious to see which Burp features come next!
