Some Windows servers perform specialized functions and need to be assessed accordingly. For example, you should scan your web servers for general security vulnerabilities, but also for vulnerabilities that are specific to web applications. The Burp Suite Web Vulnerability Scanner does just that. Burp Suite focuses on vulnerabilities found in web applications and makes it easy to scan for those weaknesses. Depending on your needs, you can get Burp Suite under an Enterprise, Professional, or Community license. Each license provides a different level of service. The Community edition is free, but lacks the powerful Web Vulnerability Scanner. To get the scanner, you’ll need at least the Professional license. Figure 7-17 shows the defined web server target for a vulnerability scan. Figure 7-18 shows the results of a web vulnerability scan. Figure 7-19 shows an Executive Report that Burp Suite created based on the previous scan.
FIGURE 7-17 Defining the targets for a Burp Suite web vulnerability scan.
FIGURE 7-18 Burp Suite web vulnerability scan results.
FIGURE 7-19 Burp Suite web vulnerability scan results report.