With the end of the traditional waterfall software development methodology and a rising need for more contemporary agile processes a necessity of security automation becomes obvious. On the operational side, continues integration and continues deployment (CIDC) approach requires security to be an integral part of the process.
BScan can be used to address these needs by scheduling automated batch jobs running on a regular basis, utilizing a well known BurpSuite vulnerability scanner’s capabilities and sending the results to software or security engineers for further analysis.
The following use cases are addressed by the tool:
- Run security scans offline from a command line headless (without UI).
- Change the type of scanning easily by changing configuration parameters.
- Extend the BScan’s functionality by adding external modules.
- Utilize Burp’s default spidering, active and passing scanning features.
- Integrate scan with different sources of known injections (e.g. Google’s fuzzdb: code.google.com/p/fuzzdb/).
- Create comprehensive security regression tests suites from artifacts provided by security auditors and run them periodically from a command line.
- Log found issues to a plain text file.
More information about the tool can be found here: http://credelius.com/bscan/