Burp Suite User Forum


Risks involved while scanning production environment

Utkarsh | Last updated: Sep 22, 2016 09:46AM UTC

Are there any risks involved while scanning the production environment using Burp Suite Pro? I have heard a lot of issues from people reporting that it leads to data corruption and such issues. Just need to be sure if such issues can occur.

Liam, PortSwigger Agent | Last updated: Sep 22, 2016 09:47AM UTC

Hi Utkarsh,

Thanks for your message. Yes, there are risks involved when scanning a production environment. Like any security testing software, Burp Suite contains functionality that can damage target systems. Testing for security flaws inherently involves interacting with targets in non-standard ways that can cause problems in some vulnerable targets. You should take due care when using Burp, read all documentation before use and back up target systems before testing.

Please let us know if you need any further assistance.

Z3d | Last updated: Jul 14, 2021 07:11AM UTC

A lot of things might have changed in Burp Suite by now, so I need to ask again: are there any risks in running an automated scan of the Professional version on production? If yes, then how can we run an automated scan safely on production?

Ben, PortSwigger Agent | Last updated: Jul 14, 2021 08:46AM UTC

Hi,

Yes, this is still the case. As Liam has mentioned, testing for security flaws involves interacting with targets in a non-standard way that can cause issues and this is still relevant (and is always likely to be). If you absolutely have to test against a production site then we would recommend having back-ups in place (so that the site can be restored if something does go wrong) and to make sure you understand the types of vulnerability that you have configured Burp to scan for.
