Security Misconfigurations

We can use Burp's Active Scan to scan for common security misconfigurations, such as SQL injection flaws (Figure 1).

The example below is based on HTB's API Attacks module.

Figure 1: Burp's active scanning reveals an SQLi flaw.

Scans can always produce false-positive results, so we must always validate the findings before reporting them (Figure 2).

Figure 2: Validating the SQLi vulnerability.
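To make the finding concrete from the code side, here is an added example (not from the page or the HTB module) showing the kind of query construction that an active scan flags as SQL injection, beside its parameterised fix. The table, names and inputs are constructed for illustration. The vulnerable lookup concatenates user input into the SQL string, so an ordinary value containing a quote already breaks the query with a database error, which is the error-based signal a scanner reports; the hardened lookup passes the value as a bound parameter and returns the correct row for the same input.

```python
import sqlite3

# Constructed in-memory sample table; not data from the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'neil", "user")],
    )
    conn.commit()
    return conn

def lookup_user_unsafe(conn, username):
    # Vulnerable pattern: untrusted input is concatenated into the SQL text,
    # so the input participates in the query's syntax.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_user_safe(conn, username):
    # Hardened pattern: a parameterised query; the driver binds the value
    # separately from the SQL text, so quotes in the input are just data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

def probe(conn, username):
    """Run the unsafe lookup and report ('ok', rows) or ('error', message).

    A database error for a benign value such as o'neil is exactly the
    error-based evidence that distinguishes a real injection flaw from a
    scanner false positive.
    """
    try:
        return ("ok", lookup_user_unsafe(conn, username))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'neil"):
        print("unsafe:", name, "->", probe(db, name))
        print("safe:  ", name, "->", lookup_user_safe(db, name))
```

Validating a scanner's SQLi finding in the application code comes down to locating a pattern like `lookup_user_unsafe` (string building with untrusted input) and confirming the same request succeeds once the query is rewritten like `lookup_user_safe`.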
