Web Security Testing with Burp Suite

Author: Dr. Sunny Wear

Whether you are a developer or a security professional, understanding how applications are attacked is the key to defending them. Burp Suite is an integrated platform and...

What You Will Learn

  • Setting up your Burp Suite environment
  • Examining target websites using Burp 2.x
  • Scanning your web application with Burp 2
  • Interpreting your results
  • Explaining vulnerabilities found and your findings
  • Simulating Hybrid Spidering your Web Application
  • Exploiting Vulnerabilities in your web application
  • Integrating Burp and File Attacks
  • Writing your own Burp extension automation
  • Customizing Burp Suite with macros and plugins
  • Writing custom Burp Macros, Plugins in Java & Python

Pre-requisites

  • Working knowledge of common web application vulnerabilities

Web Security Testing with Burp Suite

What is the use of Burp Suite? Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp Suite is installed by default in Kali Linux.

The tool is written in Java and developed by PortSwigger Web Security. It has three editions: a Community Edition that can be downloaded free of charge, and a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community Edition has significantly reduced functionality. Burp Suite is intended to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as the proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.

Web Application Penetration Testing with Burp Suite

by Dr. Sunny Wear

May 21, 2020 / 2h 26m

Description

In this course, Web Application Penetration Testing with Burp Suite, you will learn hands-on techniques for attacking web applications and web services using the Burp Suite penetration testing tool.

This tutorial is designed to expand your knowledge of the Burp Suite beyond just capturing requests and responses.

First, you'll learn about scoping your target application properly.
Next, you'll spend some time scanning to trigger potential security vulnerabilities in your target, then digging deep into the results to validate your findings.
Finally, you'll wrap up by learning how to properly report your results to your audience.

By the end of this course, you'll know how to perform all of these techniques at a comfortable and efficient level to better perform your job as a pen tester.

Table of contents
  1. Course Overview
  2. Setting up Your Burp Suite Environment
  3. Spidering Your Web Application
  4. Scanning Your Web Application
  5. Digging Deeper into Your Results
  6. Documenting Your Findings

Advanced Web Application Penetration Testing with Burp Suite

by Dr. Sunny Wear

May 21, 2020 / 1h 48m

Description

Did you know Burp Suite makes automation, data exfiltration, and customization techniques possible to help make you an even better pentester?

This advanced course, Advanced Web Application Penetration Testing with Burp Suite, is designed to expand your knowledge of the Burp Suite product to utilize many of the lesser known features offered in the tool.

You will learn how to:

  • Exploit security vulnerabilities in your target
  • Write your own Burp extension
  • Perform automation with Burp, and more

By the end of this course, you'll know how to perform all of these techniques at a comfortable and efficient level to better perform your pentesting tasks.

If you are currently a mid-to-senior level developer or pentester and wish to learn about attacking web applications using more features of Burp Suite, then this course is designed for you.

Table of contents
  1. Course Overview
  2. Setting up Your Burp Suite Environment for This Course
  3. Hybrid Spidering Your Web Application
  4. Exploiting Vulnerabilities in Your Web Application
  5. Integrating Burp and File Attacks
  6. Writing Your Own Burp Extension and Exercising Automation

Writing Burp Suite Macros and Plugins

by Dr. Sunny Wear

Nov 20, 2017 / 2h 48m

Description

Harness the power of Burp Suite to cater to all of your pentesting needs. In this course, Writing Burp Suite Macros and Plugins, you will learn how to create customized Burp Suite functionality that fits any special business requirement. First, you will uncover the secrets of using Burp Macros to assist you with automated testing. Then, you will dive into how you can write Burp Extensions in both Java and Python. Next, you will cover Burp Macros for automating logins, populating CSRF tokens, and solving CAPTCHA puzzles. Additionally, you will gain an understanding of the Burp API in Java and Python by looking at several examples of Burp plugins, along with challenge exercises for you to complete in writing Burp extensions. Finally, you will learn how to automate Burp Macros and Extensions into your DevOps build process. By the end of this course, you will know how to perform these techniques at a comfortable and efficient level to better perform your job as a pen tester or developer.

Table of contents
  1. Course Overview
  2. Burp Suite Customizations: Macros and Plugins
  3. Diving into Burp Macros
  4. Writing Custom Burp Macros
  5. Diving into Burp Plugins in Java
  6. Writing Custom Burp Plugins in Java
  7. Diving into Burp Plugins in Python
  8. Writing Custom Burp Plugins in Python
  9. Using Your Macros and Plugins with Burp Automation