portswigger.net
Burp Suite Success Stories
https://portswigger.net/burp/successstories.html
Burp Suite, the leading toolkit for web application security testing. The In-House Security Team. Burp has reduced my need for outside consultants. Jennifer manages an eight-strong security team, working within a major financial services organization. The team’s skills are generalist in nature, and they perform a variety of audit-based work within the company. They do a small amount of hands-on web application testing, but Jennifer outsources most of this work to technical specialist consultants. The con...
blog.portswigger.net
PortSwigger Web Security Blog: May 2014
http://blog.portswigger.net/2014_05_01_archive.html
Burp Suite, the leading toolkit for web application security testing. PortSwigger Web Security Blog. Thursday, May 29, 2014. PortSwigger is sponsoring BSides Manchester. PortSwigger Web Security is proud to be a gold sponsor of BSides Manchester. This free security conference is right on our doorstep in the North West of England, so we're very happy to be supporting it. To claim your ticket - first come first served!
releases.portswigger.net
Burp Suite Professional - release notes: 1.6.24
http://releases.portswigger.net/2015/08/1624.html
Burp Suite, the leading toolkit for web application security testing. Burp Suite Professional - Release Notes. Wednesday, August 5, 2015. This release adds a new Scanner check for server-side template injection. Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates leads to a vulnerability that is: Frequently critical, allowing full arbitrary code execution on the server. Easily mistaken for cross-site scripting.
portswigger.net
Burp Suite Help - Getting Started With Burp Suite
https://portswigger.net/burp/help/suite_gettingstarted.html
Burp Suite, the leading toolkit for web application security testing. Getting Started With Burp Suite. Also in the Burp Suite Support Center. Getting started with Burp Suite. Using Burp Suite may result in unexpected effects in some applications. Until you are fully familiar with its functionality and settings, you should only use Burp Suite against non-production systems. Website. For Burp Suite Professional users, you can log in. To launch Burp, first check whether Java is installed: If Java is not in...
portswigger.net
Burp Intruder
https://portswigger.net/intruder
Burp Suite, the leading toolkit for web application security testing. Burp Intruder is a tool for automating customized attacks against web applications, to identify and exploit all kinds of security vulnerabilities. Burp Intruder is exceptionally powerful and configurable, and its potential is limited only by your skill and imagination in using it. You can use Intruder to: Of application requests to identify common vulnerabilities, such as SQL injection, cross-site scripting, and buffer overflows.
blog.portswigger.net
PortSwigger Web Security Blog: July 2014
http://blog.portswigger.net/2014_07_01_archive.html
Burp Suite, the leading toolkit for web application security testing. PortSwigger Web Security Blog. Monday, July 28, 2014. Burp gets new JavaScript analysis capabilities. The latest release of Burp includes a new engine for static analysis of JavaScript code. This enables Burp Scanner to report a range of new vulnerabilities, including: Local file path manipulation. Ajax request header manipulation. DOM-based denial of service. Some further refinement may be necessary of Burp's rules for identifying ta...
blog.portswigger.net
PortSwigger Web Security Blog: February 2015
http://blog.portswigger.net/2015_02_01_archive.html
Burp Suite, the leading toolkit for web application security testing. PortSwigger Web Security Blog. Tuesday, February 17, 2015. Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities. Early last year Gareth Heyes unveiled a fascinating new technique for attacking web applications by exploiting path-relative stylesheet imports, and dubbed it ‘Relative Path Overwrite’. Webpages can use path-relative links to load content from nearby folders. For example, say a browser loads.
portswigger.net
Burp Suite
https://portswigger.net/suite
Burp Suite, the leading toolkit for web application security testing. Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp Suite contains the following key components: For crawling content and functionality. An advanced web application Scanner. Screenshot...
releases.portswigger.net
Burp Suite Professional - release notes: March 2015
http://releases.portswigger.net/2015_03_01_archive.html
Burp Suite, the leading toolkit for web application security testing. Burp Suite Professional - Release Notes. Tuesday, March 31, 2015. This release contains various bugfixes and minor enhancements: Some Scanner issues that are reported on a per-host basis (for example, Flash cross-domain policy) were previously reported on the root host node of the Scanner results tree. These are now correctly reported at the node for a specific URL where applicable (e.g. /crossdomain.xml). A bug where multiple Proxy h...
releases.portswigger.net
Burp Suite Professional - release notes: February 2015
http://releases.portswigger.net/2015_02_01_archive.html
Burp Suite, the leading toolkit for web application security testing. Burp Suite Professional - Release Notes. Tuesday, February 17, 2015. This release adds a new Scanner check for path-relative style sheet import (PRSSI) vulnerabilities. PRSSI vulnerabilities (sometimes termed "relative path overwrite") are not widely understood by security testers or application developers. The key prerequisite for the vulnerability (a CSS import directive that uses a path-relative URL) is both seemingly innocuous ...