Scanner
Burp Scanner can automatically do vulnerability assessment of web applications.
We can conduct an active scan, which involves sending more data to the server, or passive scanning, which is basically looking for vulnerabilities passing through the Proxy tool. Either Custom scope can be set for the scanning, or active scanning can be done for the already existing suite scope.
The Burp Scanner tool can also be configured to provide a point-and-click scan, but this is not recommended according to the tool. Most web application scanners suffer from similar issues in terms of the following:
The coverage of the application is one major issue. In most cases, automated scanners are unable to understand JavaScript or Flash content. In scanner terms, this is called crawling.
If the crawling is not complete, all the functionality cannot be tested for security, and there is no clear way of saying whether the web application is secure or not.
Most scanners are unable to manage the session handling...