We can use Burp's Active Scan to scan for common security misconfigurations, such as SQL injection flaws (Figure 1).
The example below is based on HTB's API Attacks module.
Scans can produce false positives, so we always need to validate the findings (Figure 2).