HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known ...
Andres Rauschecker, 26 years old, and Munich-based, is a cybersecurity enthusiast to his very core. He got into the field at a young age, pursuing what was initially just an interest and turning it ...
Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
"I do have to say, if you're not in the @PortSwigger discord you're missing out."@t0xodile, Burp Suite Professional user The PortSwigger Discord is a great way to see what Burp developers are working ...
Increasingly complex web applications. Across numerous domains. Integrated via a range of APIs. These are the challenges faced by modern pentesters - all with the added pressure of delivering accurate ...
It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan ...
This release introduces site map filter Bambdas, match and replace Bambdas, dynamic authentication tokens for API scanning, and Enhanced payload management for Intruder attacks. We’ve also made ...
As pentesters we all had at least one test where we all needed to use Base64 Image converters online which took an extra efort of copying things and sometimes we were running out of time. Captcha ...
Access control is the application of constraints on who or what is authorized to perform actions or access resources. In the context of web applications, access control is dependent on authentication ...
In this section, we'll cover the basics of the two most common OAuth grant types. If you're completely new to OAuth, we recommend reading this section before attempting to complete our OAuth ...
You need to configure Firefox so that you can use it for testing with Burp Suite.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback