When you're starting out in the world of web security, it can be overwhelming trying to work out where to begin. There are dozens of vulnerability classes, and numerous exploit techniques to learn abo
The US-based organization Sprocket Security provides continuous penetration testing services to customers by monitoring clients' attack surfaces and searching for new and novel exploitation techniques
For too long, web race-condition attacks have focused on a tiny handful of scenarios. Testing for them is inherently unreliable, compounded by known challenges relating to time constraints and network
We recently launched BChecks, scripted scan checks that allow you to create customized scans without the hassle of learning advanced programming. We've shortlisted the top ten BChecks (so far) that ha
I love it when Chrome releases a new feature, I especially like it when it is experimental. In this post I'm going to show you how I created Tic Tac Toe (Noughts and crosses) with HTML, using one of t
Check out our roadmap for Burp Suite and find out what exciting features are coming your way over the next 12 months. Burp Suite Professional Added to the roadmap Added BChecks - testing tool - When c
As a penetration tester, you need your tools to find the latest vulnerabilities. GraphQL APIs are widely used on today's websites, and expose attack surface for a wide range of security issues. Burp S
Want to create customized scans without the hassle of learning advanced programming? Burp Suite's got you covered. Scripted scan checks - or BChecks - are now a full reality with the 2023.6 release of
Scripted scan checks in Burp Suite Professional are now a thing ... tl;dr Burp Suite Professional now has a powerful yet simple scripting language that allows you to quickly build on our world c
There's a running joke on the scanner development team; for the longest time I had net negative lines of code added to the Burp Suite codebase, and everyone's convinced that I'm trying to regain that
More than 1,000 organizations are using Burp Suite Enterprise Edition to scale their web vulnerability scanning - using the same Burp Scanner favored by 73,000 penetration testers. Pay as you scan cre
More than 1,000 organizations are using Burp Suite Enterprise Edition to scale their web vulnerability scanning - using the same Burp Scanner favored by 72,000 penetration testers. In addition to scan
tl;dr We have released BSEEPT - Burp Suite Enterprise Edition Power Tools which: Is a command line tool to drive all aspects of the BSEE GraphQL API. Is a Python client library to allow you to easily
We recently published some research on server-side prototype pollution where we went into detail on techniques for detecting this vulnerability black-box. To make your life easier, we've integrated th
The roadmap shown here is out of date. Please see our July 2023 roadmap update. Believe it or not, it's January once again. And this can mean only one thing - it's time to update you on the changes we
We launched the Burp Suite Certified Practitioner (BSCP) certification at the end of 2021 due to growing demand from Burp Suite Professional customers. Spanning everything from classic vulnerability c
It's been two years since we unleashed browser powered scanning on the world, and we decided what better way to celebrate than to start again from scratch! It started out as a task, how did it end up
If you follow the Burp Suite roadmap, then you'll know that we're working on a complete rewrite of the "Wiener" API used in Burp Suite Professional and Burp Suite Community Edition. The new API is cod
We recently launched the Burp challenge, to give our customers a unique opportunity to demonstrate their skills with Burp Suite Professional. Not only that, but the challenges involved put your web vu
Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy Ensuring your code is written sec
PortSwigger recently launched a scholarship scheme, specifically directed at creating opportunities for young women to kick-start their tech career. Our scholarships offer paid work opportunities, tai
We are increasing prices for Burp Suite Professional and Burp Suite Enterprise Edition, due to a significant increase in costs caused by global inflation. The price of an annual Burp Suite Professiona
It's been a year since we launched our Burp Suite Certified Practitioner exam, so we've been reflecting on some of the improvements and developments we've made across both our preparation materials an
The roadmap shown here is out of date. Please see our January 2023 roadmap update. With six (and a bit) months of 2022 already gone, it's time to bring you an update on the latest happenings down at B
Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: A recap on "what's new" within the product for those who h
If you use Burp Suite Professional or Burp Suite Community Edition for manual security testing, then you'll be familiar with tools like Burp Repeater and Burp Intruder. They make life as a tester much
Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: A recap on "what's new" within the product for those who h
Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding CSPP (client-side prototype pol
If you've ever installed any Burp extensions from the BApp Store, you'll know that it's a great way to extend your capabilities and tailor Burp Suite to your every need. If you've not, then what are y