In this chapter, we learned about the tools Burp Suite uses to detect the most common vulnerabilities related to input validation weaknesses.
Most of them are detected using Burp Suite's Scanner, which is an active scanner that works while the pentester is navigating the application. So, it is more interactive and has more access to hidden areas than other scanners. However, these vulnerabilities can also be detected by sending crafted requests and paying attention to the responses. For this task, the Intruder tool is the most useful of Burp Suite's tools.
In the next chapter, we will be looking for errors that are not related to input validation.