Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional [closed]
I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user.
I am utilizing BurpSuite Professional for conducting vulnerability assessment scans. While BurpSuite offers various configurations for scans (including built-in and custom configurations), I am seeking expert advice on the best approach for conducting both live passive and live active scans.
In the initial phase of vulnerability assessment, I performed a live scan by selecting the pre-configured task 'Passively scan all traffic passing through proxy.' This scan detected several medium and information-related issues, including email addresses disclosed in responses, cacheable HTTPS responses, disclosure of private IP addresses, lack of enforced strict transport security, and frameable responses (potential clickjacking).
Could you suggest a configuration that would enable me to detect the maximum number of vulnerabilities effectively?
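Each of the passive findings listed in the question corresponds to a property of a single response that can be re-checked after a fix. The following Python is an added example, not part of the original post and not Burp's own detection logic; the function names, the placeholder URL, the constructed sample responses and the simplified heuristics are all assumptions.

```python
import re

# RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])|192\.168)\.\d{1,3}\.\d{1,3}\b")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def passive_findings(url, raw):
    """Return issue names for one response; heuristics are simplified assumptions."""
    headers, body = parse_response(raw)
    https = url.lower().startswith("https://")
    csp = headers.get("content-security-policy", "").lower()
    cache = headers.get("cache-control", "").lower()
    findings = []
    if https and "strict-transport-security" not in headers:
        findings.append("Strict transport security not enforced")
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("Frameable response (potential clickjacking)")
    if https and "no-store" not in cache:
        findings.append("Cacheable HTTPS response")
    if PRIVATE_IP.search(body):
        findings.append("Private IP addresses disclosed")
    if EMAIL.search(body):
        findings.append("Email addresses disclosed")
    return findings

# Constructed sample responses (not captured from any real application).
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<p>Contact ops@example.com, upstream 10.0.3.17</p>")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "Content-Security-Policy: frame-ancestors 'none'\r\n"
            "Cache-Control: no-store\r\n\r\n"
            "<p>Contact the service desk</p>")

if __name__ == "__main__":
    url = "https://otc.example.test/dashboard"   # placeholder URL
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, passive_findings(url, raw))
```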