
Security standards

Vivek Nov 23, 2018 11:48AM UTC

Are the vulnerabilities identified classified to any security standards (OWASP/CWE)?
Also, does the latest scanner cover all the OWASP 2017 top 10 vulnerabilities?


Liam Tai-Hogan Nov 23, 2018 11:53AM UTC Support Center agent

Vivek, Burp classifies issues with CWE where appropriate, e.g.

- https://portswigger.net/kb/issues/00100100_os-command-injection

Yes, Burp can test for all of the vulnerability types listed in the 2017 OWASP top ten. It’s worth noting that A10 (Insufficient logging and monitoring) isn’t really a vulnerability type, although you could use Burp to test whether attacks trigger your monitoring system.

