We recently launched our Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security practitioners. We've already created the software, so

We recently launched our Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security practitioners. We've already created the software, so

The modern web is an increasingly complex beast. Each passing year brings with it new frameworks, technologies, and design trends - not to mention vulnerabilities. All of this adds to your testing wor

Burp Extensions (and your own custom extensions) will now be supported by Burp Suite Enterprise Edition, brand new for the 2021.8 release. If you've had much experience with Burp Suite Professional, i

774 organizations in 68 countries are now using Burp Suite Enterprise Edition to improve and scale security across their web portfolios. As we pass the three-year anniversary of development on Burp Su

Author: Orange Tsai(@orange_8361) from DEVCORE P.S. This is a cross-post blog from Zero Day Initiative (ZDI) This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021!  Please visit the following link to read that :)FROM PWN2OWN 2021: A NEW

At PortSwigger, we pride ourselves on pushing the boundaries of web security. Just take a peek at some of our researchers' recent and upcoming talks from the likes of Black Hat and DEF CON if you'd li

Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE The series of A New Attack Surface on MS Exchange:A New Attack Surface on MS Exchange Part 1 - ProxyLogon!A New Attack Surface on MS Exchange Part 2 - ProxyOracle!A New Attack Surface on MS Exchange Part 3 - ProxyShell!A New Attack Surface on MS Exchange Part 4 (coming soon...)

Author: Orange Tsai(@orange_8361) P.S. This is a cross-post blog from DEVCORE Hi, this is the part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts in the previous article, you could find the first piece here: A New Attack Surface on MS Exchange Part 1 -

We launched the Web Security Academy in April 2019, as a means of providing free training and learning materials for security professionals. We now have 200 labs, and last year the Web Security Academ

Apparently we're halfway through 2021 already (where does the time go?). Here's an update on what we've added to our products so far this year, as well as some exciting new features we're adding to ou

Two years ago, PortSwigger's director of research James Kettle presented "HTTP Desync Attacks" on-stage at BlackHat USA and kicked off a wave of request smuggling, but at that time HTTP/2 escaped seri