Previously I discussed how web application scanners such as Acunetix and Qualys do not provide any support for scanning (or even crawling) GWT (Google Web Toolkit) web applications. This led me to search for a vulnerability scanner that could, and I have now found something that might be able to do the job!
PortSwigger Web Security’s Burp Suite seems to be the best candidate for performing vulnerability scans on GWT-built web applications. Burp Suite seems to have just recently added full JSON request parsing, on June 28, 2012. This, coupled with a GWT scanning plugin developed by alla from Germwell.com, adds GWT scanning support to Burp Suite!
Yes, the professional edition costs money: $299 per user per year (details), which is actually pretty cheap considering it is one of the best out there and that Acunetix costs $1,445 for the Small Business Edition for only 1 website (details). And Acunetix does not even support GWT; as we have seen in my previous post, this issue was raised about 1 year ago and has been continually ignored.