Burp Suite Professional
Burp Suite Pro is a web application security testing tool that identifies vulnerabilities in web applications and web services. You can combine the security testing capabilities of Burp Suite Pro with Brinqa's risk management and reporting tools to obtain a centralized and unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Burp Suite Pro and how to obtain that information from Burp Suite. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Burp Suite Pro from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Burp Suite Pro with Brinqa:
-
Server: You must create a custom data server for the machine where the Burp Suite Pro reports reside, and then select your server for the integration.
-
Reports Directory: The fully qualified path to your Burp Suite Pro reports directory. Wildcards are allowed in the path, e.g.:
/feeds/burpsuite/*.xml. This path is located on the data server where Brinqa looks for the scan results to import them into the Brinqa Platform. -
Max Age: The maximum number of days that a Burp Suite Pro report is retained. Any value less than 0 indicates that the file does not expire, and 0 indicates not to keep the file.
-
Max Files: The maximum number of Burp Suite Pro reports to retain. Any value less than 0 indicates that there is no limit on the number of files to retain, and 0 indicates not to keep any file. Setting this field to 0 or above can be useful for when you want to ensure that the Brinqa Platform does not become overloaded with Burp Suite Pro reports.
Additional settings
The Burp Suite Pro connector contains an advanced option for specific configuration:
- Rename or move file after it's processed: Allows you to specify what should happen to the file after it has been imported and processed by Brinqa.
Types of data to retrieve
The Burp Suite Pro connector can retrieve the following types of data from Burp Suite Pro:
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Dynamic Code Finding | Yes | Dynamic Code Finding |
| Dynamic Code Finding Definition | Yes | Dynamic Code Finding Definition |
| Site | Yes | Site |
The Burp Suite Pro connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Burp Suite Professional in the Brinqa Platform, see How to view your data.
APIs
As the Burp Suite Pro connector is file-based, it doesn't rely on any API endpoints and thus, doesn't offer any operation options.
Changelog
The Burp Suite Professional connector has undergone the following changes:
3.1.3
- Added an APP_ID attribute in the Dynamic Code Finding object.
- Added two attributes, APP_ID and APP_NAME, in the Site object to support custom app names.
3.1.2
- Added an APP_NAME attribute in the Dynamic Code Finding object to support custom app names.
- Updated dependencies.
3.0.4
- Added a LAST_SEEN attribute in the Site object.
3.0.3
- Added two attributes, SOURCE_SEVERITY and SEVERITY_SCORE, in the Dynamic Code Finding Definition object.
3.0.0
- Initial Integration+ release.