Movatterモバイル変換

ProductsSolutionsResearch AcademySupportCompany

Customers About Blog Careers Legal Contact Resellers

My account Customers About Blog Careers Legal Contact Resellers

Burp Suite DAST

Burp Suite DASTThe enterprise-enabled dynamic web vulnerability scanner.

Burp Suite Professional

Burp Suite ProfessionalThe world's #1 web penetration testing toolkit.

Burp Suite Community Edition

Burp Suite Community EditionThe best manual tools to start web security testing.View all product editions

Burp Scanner

Burp Suite's web vulnerability scanner

Burp Suite's web vulnerability scanner'

Attack surface visibilityImprove security posture, prioritize manual testing, free up time.CI-driven scanningMore proactive security - find and fix vulnerabilities earlier.Application security testingSee how our software enables the world to secure the web.DevSecOpsCatch critical bugs; ship more secure software, more quickly.Penetration testingAccelerate penetration testing - find more bugs, more quickly.Automated scanningScale dynamic scanning. Reduce risk. Save time/money.Bug bounty huntingLevel up your hacking and earn more bug bounties.ComplianceEnhance security monitoring to comply with confidence.

View all solutions

Product comparison

What's the difference between Pro and Enterprise Edition?

Burp Suite Professional vs Burp Suite Enterprise Edition

Support CenterGet help and advice from our experts on all things Burp.DocumentationTutorials and guides for Burp Suite.Get Started - ProfessionalGet started with Burp Suite Professional.Get Started - EnterpriseGet started with Burp Suite Enterprise Edition.User ForumGet your questions answered in the User Forum.DownloadsDownload the latest version of Burp Suite.

Visit the Support Center

Downloads

Download the latest version of Burp Suite.

The latest version of Burp Suite software for download

Back to documentation home

Professional and Community Edition

ProfessionalCommunity Edition

XXE injection

Last updated:November 18, 2025
Read time:1 Minute

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

You can use Burp to test for XXE injection vulnerabilities.

Tutorials in this section

[8]ページ先頭

©2009-2025 Movatter.jp