Burp Suite Plugin Supports GWT Security Scanning

Previously I have discussed how web application scanners such as Acunetix and Qualys do not provide any support for scanning (or even crawling) GWT (Google Web Toolkit) web applications. This led me to search for a vulnerability scanner that could, and I have now found something that might be able to do the job!

PortSwigger Web Security's Burp Suite seems to be the best candidate for performing vulnerability scans on GWT-built web applications. Burp Suite seems to have just recently added full JSON request parsing, on June 28, 2012. This, coupled with a GWT scanning plugin developed by alla from Germwell.com, adds GWT scanning support to Burp Suite!

All that is needed is the Burp Suite Professional Edition and the downloaded GWT Burp Plugin, and you're ready to go.

Yes, the Professional Edition costs money: $299 per user per year (details). That is actually pretty cheap considering it is one of the best out there and that Acunetix costs $1,445 for the Small Business Edition for only 1 website (details). Acunetix does not even support GWT and, as we have seen in my previous post, this issue was raised about 1 year ago and has been continually ignored.
